[4115] in linux-announce channel archive
Linux-Announce Digest #407
daemon@ATHENA.MIT.EDU (Digestifier)
Fri May 9 17:13:54 2003
From: Digestifier <Linux-Announce-Request@senator-bedfellow.mit.edu>
To: Linux-Announce@senator-bedfellow.mit.edu
Reply-To: Linux-Announce@senator-bedfellow.mit.edu
Date: Fri, 9 May 2003 17:13:04 EDT
Linux-Announce Digest #407, Volume #4 Fri, 9 May 2003 17:13:04 EDT
Contents:
AEOSC 2003 -- Call for Papers (M. Moonshi)
Issue #49 of Georg's Brave GNU World, the monthly GNU forum has ("Georg C. F. Greve")
ANNOUNCE: web2ldap release 0.11.20 (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Linux Advisory Watch - May 9th 2003 (Jennifer Olson)
EnGarde Secure Linux Wins Hardened Linux Solution Award for 2003 (Jennifer Olson)
----------------------------------------------------------------------------
From: moonshi@moonshi.com (M. Moonshi)
Subject: AEOSC 2003 -- Call for Papers
Date: 9 May 2003 01:45:08 GMT
Dear Open Source Software users:
CALL FOR PAPERS
Asian Enterprise Open Source Conference 2003
October 29th-31st, 2003 Singapore
This annual conference and expo aims to draw world-renowned experts in the
exciting field of Open Source Software and showcase the state-of-the-art
of Open Source Computing in the IT hub of South-East Asia, Singapore.
AEOSC follows the success of the Singapore Linux Conference, held in 1999,
2000, and 2001. This year, with the global recognition of Linux and Open
Source Software in general, we have broadened the range of issues we plan
to cover.
In this fourth edition, the conference will focus on the growth of Open
Source Software as a broadly available, trusted, secure, low-cost and
non-proprietary enterprise class software.
CONFERENCE
Papers are invited for presentation during the Conference, which will be
held on Wednesday 29th, Thursday, 30th, and Friday, 31st October 2003.
There will be four tracks, "Business", "Technical", "Policy/Standards" and
"Education". The topics below are meant to indicate the possible variety
of areas and should not be regarded as exhaustive.
TARGETTED AUDIENCE
* CxOs
* Business Managers
* Application Developers
* Enterprise Software Developers
* Open Source Software Evangelists
* Data Center Managers
* System/Network Engineers
* IT Project Managers
AGENDA
* Linux, *BSD, Mac OS X
* Apache, Perl, PHP, Python, MySQL, JBoss & other heavily
used & recognized OSS projects
* Policy issues from an adoption as well as a governmental/
regional perspective
* Educational issues: bringing the SchoolForge and OpenSchools
effort to a local/regional audience
* Hosting of the Asia Open Source Symposium follow-on event
* Linux Users' Group (Singapore) Awards
* Exposition/Exhibition (tentative)
Prospective authors are requested to submit abstract of their papers in
less than 300 words for review. Electronic submissions are strongly
encouraged through email. Once selected, hard-copy submissions are also
allowed, and one copy of the manuscript should be sent to the address
below.
You may like to take a note of the following dates:
* Submission of abstract paper - June 1st, 2003
* Submission of full paper - August 1st, 2003
Submission of papers will be reviewed by the Technical Program Committee,
and reviewers' comments will be relayed to the authors on request in the
interest of transparency.
TUTORIALS
Tutorial sessions will be held for 1-day only on Wednesday, 29th October
2003. Tutorials have a strong technical bias and are intended for a more
mature audience, in terms of Computing and Programming exposure. We will
also consider tutorials that are in the introductory in nature as well.
Prospective tutorial speakers are invited to submit proposals to the
Conference Secretariat. Each
proposal should include:
* a summary
* a course outline and
* a brief biography of the speaker
Proposals complete with the required documents should be sent to the
address below.
CORRESPONDENCE ADDRESS
ATTN: Mr. Mohsenruddin Moonshi
TechWorx Solutions Pte Ltd
9 Temasek Boulevard
#31-02 Suntec Tower Two
Singapore 038989
Email: mmoonshi@techworx.net
Tel: +65 9745 2310
Fax: +65 6356 7045
Correspondence will be acknowledged and thank you for your attention.
--
Best regards,
Mohsenruddin Moonshi
moonshi@moonshi.com
Committee Member, AEOSC 2003
Ver.CFP-20030507-02
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: "Georg C. F. Greve" <greve@gnu.org>
Subject: Issue #49 of Georg's Brave GNU World, the monthly GNU forum has
Date: 9 May 2003 12:50:01 GMT
Reply-To: Brave GNU World <column@gnu.org>
[Please repost and forward this article widely, wherever it
is appropriate.]
Issue #49 of Georg's Brave GNU World,
the monthly GNU forum has been released.
-- Georg Greve
Hello everyone,
Issue #49 of the column is now online and it can -- as usual -- be
found on the GNU Webpage and its mirrors. Otherwise just follow the
links at the end of this posting.
Georg's Brave GNU World is a monthly column which is being released in
ten languages (English, German, French, Japanese, Spanish, Korean,
Portugese, Italian, Chinese and Catalan) on the web and printed in the
German "Linux-Magazin," the "Linux Magazine" U.K., the "Microsoftware"
(large computer magazine in Korea) and the "Linux Magazine France."
This makes it the monthly column with the widest distribution
worldwide afaik.
If you would like to receive mail about new issues directly, you can
subscribe to the "Brave GNU World" announcement mailinglist. Just
send mail to <brave-gnu-world-request@gnu.org> with "subscribe" in
the *body*. The mailinglist is only for announcements that are related
to the "Brave GNU World" and is of very low volume (between 1 and 2
mails a month).
The 49th issue covers the following topics:
* Skidbladnir [ Free Software based on the Theory of
Inventive Problem Solving ]
* Lush [ An object-oriented scientific language ]
* jMax [ A graphical development environment for
interactive multimedia applications ]
* Java dependencies [ Problems of some projects with Java
dependencies ]
* pyMax [ Creating a GUI for jMax free of proprietary
dependencies ]
This column intends to provide a forum for all GNU maintainers,
friends and associates and I am always open to suggestions. So if
you
* have questions about the GNU Project that might be of general
interest
* have a GNU Project and would like to improve its profile
* would like to start a GNU Project you are looking for people to
start it with
* think something doesn't get the publicity it deserves
* would like to see something made public
send mail to:
"Brave GNU World <column@gnu.org>"
This column is for everyone with an interest in Free Software,
so don't hesitate to contact me if your project is under a Free
Software license (http://www.gnu.org/philosophy/license-list.html)
and you'd like to see it introduced here.
The 49th issue can be found at
http://www.gnu.org/brave-gnu-world/issue-49.en.html
[ English version ]
http://www.gnu.org/brave-gnu-world/issue-49.de.html
[ German version ]
http://www.gnu.org/brave-gnu-world/issue-49.ca.html
[ Catalan version ]
or via the "Brave GNU World" homepage
http://www.gnu.org/brave-gnu-world/brave-gnu-world.en.html
[ English version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.fr.html
[ French version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.de.html
[ German version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.it.html
[ Italian version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.ja.html
[ Japanese version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.es.html
[ Spanish version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.ca.html
[ Catalan version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.ko.html
[ Korean version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.pt.html
[ Portugese version ]
http://www.gnu.org/brave-gnu-world/brave-gnu-world.zh.html
[ Chinese version ]
That's it for now...
Regards,
Georg Greve
--
Georg C. F. Greve <greve@brave-gnu-world.org>
Brave GNU World (http://brave-gnu-world.org)
Free Software Foundation Europe (http://www.fsfeurope.org)
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
Subject: ANNOUNCE: web2ldap release 0.11.20
Date: 9 May 2003 13:30:05 GMT
Reply-To: feedback@web2ldap.de
HI!
Find a new release of web2ldap on
http://www.web2ldap.de/download.html
About:
web2ldap is a full-featured LDAP client written in Python and designed to
run as a stand-alone Web gateway or under the control of a web server with
FastCGI or SCGI support (e.g., Apache with mod_fastcgi or mod_scgi).
Ciao, Michael.
***** web2ldap 0.11.20 *****
Release Date: 2003-05-09
* New stand-alone configuration option
web2ldapcnf.standalone.bind_address which is equivalent to
command-line option -l.
* Exception ldap.INVALID_DN_SYNTAX caught in w2lapp.add and input
form for correcting the RDN input is displayed to user.
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: Jennifer Olson <jen@guardiandigital.com>
Subject: Linux Advisory Watch - May 9th 2003
Date: 9 May 2003 18:40:09 GMT
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| May 9th, 2002 Volume 4, Number 18a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for samba, file, tcpsec, krb5, vnc,
snort, epic4, balsa, leksbot, libgtop, fuzz, openssh, MySQL, and
mod_auth_any. The distributors include SCO, Conectiva, Connectiva,
Debian, Gentoo, and RedHat.
Have you noticed any changes with this week's newsletter? It probably will
not take you long to realize that something is different. First, rather
than sorting security advisories by package, we are now sorting by
distribution. The purpose of that is to allow you to more easily find
information about your desired distribution. Second, the description
information provided with each advisory is shorter and probably more
informative. For example, rather than giving extreme detail on some
vulnerabilities and little to none on others, we are now making an effort
to provide a consistent level of detail for all advisories listed.
Hopefully, these changes will allow this newsletter to be more helpful to
you.
In addition, each week we will include commentary on particularly
significant advisories, security news, opinion, tips, research, and
anything else that may be interesting to readers.
Do you have any suggestions? We are currently in the first phase of a
three-part reconstruction effort to improve the quality of our
newsletters. Our goal is to provide a single place for security advisory
information that can be accessed quickly. How can we make your job easier?
What would you like to see in our newsletters? Do you welcome this change?
Do you have any other suggestions on how we can improve?
We look forward to hearing from you!
news@linuxsecurity.com
SECURE YOUR SERVERS WITH 128-BIT SSL ENCRYPTION
Guarantee transmitted data integrity, secure all communication sessions
and more with SSL encryption from Thawte- a leading global certificate
provider. Learn more in our FREE GUIDE--click here to get
Find out more!
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte17
At the RealWorld Linux Expo in Toronto, Guardian Digital launched the next
generation of the Community edition of EnGarde Secure Linux - the secure
and easy to manage system for building a complete Internet presence while
protecting your information assets.
Download the FREE trial today!
http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=freetrial
====================================================================
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
====================================================================
Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware about "what is going on" out
there. While placing a network IDS outside one's firewall might also
provide a similar flood of alerts, a honeypot provides a unique
prospective on what will be going on when a related server is compromised
used by the intruders.
http://www.linuxsecurity.com/feature_stories/feature_story-141.html
+---------------------------------+
| Distribution: SCO | ----------------------------//
+---------------------------------+
5/7/2003 - samba
multiple vulnerabilities
This updates fixes multiple vulnerabilities in samba.
http://www.linuxsecurity.com/advisories/caldera_advisory-3240.html
5/7/2003 - file
buffer overflow vulnerability
The file command is vulnerable to a buffer overflow when given a
maliciously crafted binary to examine.
http://www.linuxsecurity.com/advisories/caldera_advisory-3241.html
5/7/2003 - tcpsec
SYN+FIN packet discarding vulnerability
Allowing TCP packets with both the SYN and FIN bits set
significantly improve an attacker's chances of circumventing a
firewall.
http://www.linuxsecurity.com/advisories/caldera_advisory-3242.html
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
5/5/2003 - krb5
Multiple vulnerabilities
Cryptographic weakness, buffer overrun and underrun, faulty length
checks, and integer signedness vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3232.html
5/5/2003 - vnc
Multiple vulnerabilities
Cryptographic weakness, buffer overrun and underrun, faulty length
checks, and integer signedness vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3233.html
+---------------------------------+
| Distribution: Connectiva | ----------------------------//
+---------------------------------+
5/7/2003 - snort
integer overflow vulnerability
There is a remotely exploitable integer overflow vulnerability in
Snort.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3243.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
5/5/2003 - epic4
buffer overflow vulnerability
A malicious server could craft special reply strings, triggering
the client to write beyond buffer boundaries.
http://www.linuxsecurity.com/advisories/debian_advisory-3231.html
5/6/2003 - balsa
off-by-one vulnerabilities
Byrial Jensen discovered a couple of off-by-one buffer overflow in
the IMAP code of Mutt.
http://www.linuxsecurity.com/advisories/debian_advisory-3235.html
5/6/2003 - leksbot
improper setuid-root execution
Due to a packaging error, the program /usr/bin/KATAXWR was
inadvertently installed setuid root.
http://www.linuxsecurity.com/advisories/debian_advisory-3236.html
5/7/2003 - libgtop
Remote buffer overflow vulnerability
Due to a packaging error, the program /usr/bin/KATAXWR was
inadvertently installed setuid root.
http://www.linuxsecurity.com/advisories/debian_advisory-3244.html
5/7/2003 - fuzz
Local privilege escalation vulnerability
Due to a packaging error, the program /usr/bin/KATAXWR was
inadvertently installed setuid root.
http://www.linuxsecurity.com/advisories/debian_advisory-3245.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
5/2/2003 - openssh
Information disclosure vulnerability
Due to a packaging error, the program /usr/bin/KATAXWR was
inadvertently installed setuid root.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3226.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
5/2/2003 - MySQL
Multiple vulnerabilities
Due to a packaging error, the program /usr/bin/KATAXWR was
inadvertently installed setuid root.
http://www.linuxsecurity.com/advisories/redhat_advisory-3227.html
5/2/2003 - mod_auth_any
Arbitrary command execution vulnerability
Due to a packaging error, the program /usr/bin/KATAXWR was
inadvertently installed setuid root.
http://www.linuxsecurity.com/advisories/redhat_advisory-3228.html
========================================================================
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
========================================================================
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: Jennifer Olson <jen@guardiandigital.com>
Subject: EnGarde Secure Linux Wins Hardened Linux Solution Award for 2003
Date: Fri, 9 May 2003 13:25:50 CST
Guardian Digital EnGarde Secure Linux Wins Network Computing Hardened
Linux Solution Award for 2003
EnGarde Secure Linux Wins Well-Connected Award for Hardened Linux Solution
for Its security, Ease of Management, Depth of Strategy, and Value
LAS VEGAS, NEVADA, MAY 1, 2003 - Guardian Digital today announced the
EnGarde Secure Linux System was awarded the 2003 Well-Connected Award for
"Hardened Linux Security Solution" by Network Computing, a CMP Media LLC
magazine. The product was chosen for its depth of security strategy, ease
of management, patching facilities, and value. By leveraging the merits of
the open source approach, Guardian Digital is able to produce a
highly-secure and easy to manage platform that simplifies the complex
process of building a secure Internet presence.
"We are very pleased with Network Computing's validation for our hardened
Linux Internet security solutions," said Ryan W. Maple, senior vice
president, enterprise solutions at Guardian Digital. "As companies rely
more on the Internet to realize the requirement to be secure on the
Internet today, the need for applications to ease the complex process of
maintaining security of networked systems is essential to assess and
protect crucial entry points by remote employees, customers and vendors."
Winners of the Network Computing Well-Connected Awards were announced at
an awards gala in Las Vegas on Monday night, the evening before
yesterday's opening of the industry's largest trade show, NetWorld+Interop
2003 Las Vegas. The EnGarde Secure Linux System is highlighted as the
category winner in the May 1st issue of Network Computing and on Network
Computing Online at http://www.networkcomputing.com.
The state-of-the-art EnGarde Secure Linux System is the world's first
complete, secure, Linux operating system designed to provide an
organization with the ability to build a secure and easy to manage online
presence. This provides organizations with a cost-effective and proven
platform capable of supporting thousands of Web sites and e-mail domains.
Designed with security and ease of management as its primary focus,
EnGarde Secure Linux allows organizations to increase productivity while
reducing support and infrastructure costs.
"To be considered, all finalists are the technology solutions we've
recommended in the past 12 months," said Fritz Nelson, VP and Publisher of
CMP's Network Computing. "Our editors worked at length to research and
test the best offerings in the technology arena during the course of the
year. The products selected in the Well Connected Awards are unique
because they have been tested by our editors who are current or former IT
professionals who understand what our readers want products that deliver."
Through the use of secured open source applications necessary to build
full-featured Web, DNS, and email systems, advanced encryption
technologies, hardened Linux kernel, intrusion detection, and a Web-based
management system, EnGarde Secure Linux dramatically reduces support costs
and delivers a major boost in productivity through reliable operation.
About Guardian Digital, Inc.
Guardian Digital, the premier open source security company, offers the
first secure, open source Internet infrastructure system. Based on
Guardian Digital's operating system platform, EnGarde, the company
provides enterprises with the software and services necessary for secure
computing on the Internet. By leveraging the merits of the collaborative
open source design model, coupled with the company's security and Internet
expertise, Guardian Digital solutions maintain the highest degree of
security and reliability. Founded in 1999, Guardian Digital is
headquartered in Allendale, New Jersey. For additional information, please
visit www.guardiandigital.com or call 1-866-GD-LINUX.
About Network Computing
Network Computing (http://www.networkcomputing.com) published by CMP Media
LLC, Manhasset, N.Y., is dedicated to providing critical analysis of
technologies, vendors and products to 220,000 IT Managers and Staff who
are accountable for strategic technology purchase decisions. In addition
to the bi-weekly magazine, Network Computing provides a complete media
platform including www.networkcomputing.com, Network Computing Research,
and Network Computing Events. In 2002, www.NetworkComputing.com was named
American Society of Business Publications Editors (ASBPE) Best 'Original
Web Database' category for the Interactive Buyer's Guide and ranked Rob
Preston 11th on Adweek's Technology Marketing Influencers Report "Hottest
Tech Media editors" list.
About CMP Media
CMP Media LLC (www.cmp.com) is a leading integrated media company
providing essential information and marketing services to the entire
technology spectrum-the builders, sellers and users of technology
worldwide. Capitalizing on its editorial strength, CMP is uniquely
positioned to offer marketers' comprehensive, integrated media solutions
tailored to meet their individual needs. Its diverse products and services
include newspapers, magazines, Internet products, research, direct
marketing services, education and training, trade shows and conferences,
and custom publishing.
Contact Information
Jennifer Olson
Corporate Communications
Guardian Digital, Inc.
(201) 934-9230
pr@guardiandigital.com
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: Linux-Announce-Request@NEWS-DIGESTS.MIT.EDU
You can submit announcements to be moderated via:
Internet: linux-announce@NEWS.ORNL.GOV
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Announce Digest
******************************
