[4123] in linux-announce channel archive


Linux-Announce Digest #415

daemon@ATHENA.MIT.EDU (Digestifier)
Sat May 17 01:13:55 2003

From: Digestifier <Linux-Announce-Request@senator-bedfellow.mit.edu>
To: Linux-Announce@senator-bedfellow.mit.edu
Reply-To: Linux-Announce@senator-bedfellow.mit.edu
Date:     Sat, 17 May 2003 01:13:03 EDT

Linux-Announce Digest #415, Volume #4          Sat, 17 May 2003 01:13:03 EDT

Contents:
  SHAREWARE: txt2pdf PRO 6.5 ("Sanface Software")
  Advanced Bash Scripting Guide: Version 1.8 update ("M. Leo Cooper")
  Linux Advisory Watch - May 16th 2003 (Jennifer Olson)
  [HUMBUG] Next Meeting - 24th May 2003 (Mark Suter)

----------------------------------------------------------------------------

From: "Sanface Software" <sanface@sanface.com>
Subject: SHAREWARE: txt2pdf PRO 6.5
Date: 16 May 2003 14:20:01 GMT

txt2pdf PRO 6.5 is a very important release in the evolution of txt2pdf
5.x PRO and is the PRO version of txt2pdf 6.x.  We distribute txt2pdf
PRO only in executable binaries, but under special circumstances, source
code can be provided. There are also new exciting features in the PRO
version that are not available in the regular version.

txt2pdf PRO offers you all the features of txt2pdf 6.x plus these
important features:

NEW: possibility to create compressed pdf with every executable
distribution (the most important difference from version 6.5 PRO and
version 6.0 PRO)
NEW: embedded true type font support  
annotation in the first page (you can set also the position (x,y) of the
annotation icon)
You can use colours, fonts, links, etc with your personal or standard
tags
begin1 to change the background of the first page and bgdesignlast to
change the background of the last page
performance:
medium: doesn't convert words like http://, ftp:, mailto:, ... to links
high: ignores fontmark and color settings  
Form Feed (^L) support 
-skip1ff option to skip the first form feed 
the possibility to set the top and left margins 
the possibility to create compressed PDFs and to set the compression
factor. txt2pdf PRO will compress also EPD and embedded true type fonts.
mailto option: the possibility to send to the specified user the created
PDF like attach. It's possible to specify the title, the body, the SMTP
host, the from user (at the moment you can use these features only with
the Windows executable version and the perl source code)
inside layers (background and foreground) you can use the same txt2pdf
features plus
#!image#;;;;;;;;#!/image# to add RGB jpeg images
#!link#;;;;#!/link# to add links 

Download and test it at
http://www.sanface.com/txt2pdfPRO.html


-- 
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################


------------------------------

From: "M. Leo Cooper" <thegrendel@theriver.com>
Subject: Advanced Bash Scripting Guide: Version 1.8 update
Date: 16 May 2003 16:25:19 GMT

Announcing the version 1.8 release of the "Advanced Bash Scripting Guide."
This e-book tutorial and reference is the equivalent of a 532-page print book.
With 262 illustrative examples, the book covers virtually every aspect of
scripting.


The author invites comparisons with *any* of the commercially printed books on
shell scripting. His aim was to write "best of category" documentation.

          "This  tutorial  assumes  no previous knowledge of
           scripting or programming, but progresses rapidly  toward an
           intermediate/advanced level of instruction ...all the while
           sneaking in little snippets of UNIX wisdom and lore. It serves
           as a textbook, a manual for self-study, and  a  reference
           and source of knowledge on shell scripting techniques. The
           exercises and heavily-commented  examples invite active reader
           participation, under the premise that the only way to really
           learn scripting is to write scripts."
                -- from the Introduction


License: Open Publication License
         This means the book is *free* and freely distributable.


URLs:
----

Linux Documentation Project:
http://www.tldp.org/LDP/abs/html/
http://www.tldp.org/LDP/abs/html/index.html
http://www.tldp.org/LDP/abs/abs-guide.html.tar.gz
http://www.tldp.org/LDP/abs/abs-guide.pdf

Sunsite:
http://www.ibiblio.org/pub/Linux/docs/linux-doc-project/abs-guide/

Author's home page:
http://personal.riverusers.com/~thegrendel/abs-guide-1.8.tar.bz2  [ 539k ]
   (bzip2-ed tarball containing SGML source, all example scripts,
    and rendered HTML)



------------------------------

From: Jennifer Olson <jen@guardiandigital.com>
Subject: Linux Advisory Watch - May 16th 2003
Date: 16 May 2003 22:25:01 GMT

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 16th, 2002                           Volume 4, Number 19a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for kernel, mgetty, slocate,
evolution, kernel, shadow, kopete, kopete, xinetd, mysql, kde, xinetd,
kernel, tcpdump, and openssh.  The distributors include SCO, Conectiva,
Guardian Digital, Gentoo, Mandrake, Red Hat, and TurboLinux.

Your editors would like to thank our readers for the wonderful feedback
that we received from the last issue. All suggestions have been noted and
we are making efforts to address each and every one. For those of you who
have not yet had a chance to respond, there is still time! What are we
looking for? We are looking for suggestions on how to make this newsletter
better. Suggestions can range from tips on presentation to the type and
amount of information included with each advisory. We are making this
effort to serve you, the community, better. Help us take a step forward,
let us know what it would take to make this newsletter perfect for you. We
look forward to hearing from you! Please send all suggestions to:
news@linuxsecurity.com

This week, several interesting advisories were released. Most notably were
the recent updates to the kernel. At the time of this writing, only
EnGarde and Red Hat have released updates to the "ioperm" system call bug.
It does not restrict privileges properly, which may result in a local user
being able to access the I/O ports on a system. In addition, an attacker
sending packets with a specially chosen forged source address can cause a
large number of collisions in the kernel's networking hash tables, which
results in a denial of service.

I recently had an interesting conversation with Dave Wreski, my co-editor.
We discussed the changes that will be made to the United States $20 bills
to thwart counterfeiters. Dave brought up the point that the US Federal
Reserve is implementing some changes that will not be made public. His
thoughts were, "Would giving store clerks and the general public more
information to recognize a bogus bill help? Or would releasing this
information give too much to the counterfeiters and improve their
capabilities?" I found this discussion interesting because it has the same
underlying question as the security of open source software. Most people
reading this newsletter would probably agree that security can not be
gained through obscurity.

Until next time, stay secure!
Benjamin Thomas


At the RealWorld Linux Expo in Toronto, Guardian Digital launched the next
generation of the Community edition of EnGarde Secure Linux - the secure
and easy to manage system for building a complete Internet presence while
protecting your information assets.

Download the FREE trial today!
http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=freetrial

====================================================================

* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.

 --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2

====================================================================

Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware about "what is going on" out
there. While placing a network IDS outside one's firewall might also
provide a similar flood of alerts, a honeypot provides a unique
perspective on what will be going on when a related server is compromised
used by the intruders.

http://www.linuxsecurity.com/feature_stories/feature_story-141.html

+---------------------------------+
|  Distribution: SCO              | ----------------------------//
+---------------------------------+

 5/13/2003 - kernel
   kmod/ptrace root exploit

   The kernel module loader in the Linux kernel allows local users to
   gain root  privileges by using ptrace to attach to a child process
   that is spawned by the kernel.
   http://www.linuxsecurity.com/advisories/caldera_advisory-3248.html

 5/14/2003 - mgetty
   buffer overflow vulnerability

   mgetty will overflow an internal buffer if the caller name
   reported by the modem is too long.
   http://www.linuxsecurity.com/advisories/caldera_advisory-3251.html


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 5/9/2003 - slocate
   buffer overflow vulnerability

   It has been reported that slocate contains a buffer overflow
   vulnerability which could be used by a local attacker to obtain
   the privileges of the slocate user.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3246.html


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 5/14/2003 - evolution
   multiple vulnerabilities

   Core Security Technologies found several vulnerabilities in
   Evolution <= 1.2.2 and in the gtkhtml library.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3252.html


+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 5/15/2003 - 'sudo' heap corruption vulnerability
   multiple vulnerabilities

   There is a heap corruption vulnerability in sudo which may allow
   an attacker to execute arbitrary commands.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3257.html

 5/15/2003 -  'gnupg' key validation bug
   multiple vulnerabilities

   A key validation bug was recently discovered in the GNU Privacy
   Guard (GPG) which would cause keys with more than one user ID to
   trust all user ID's with the amount of trust given to the
   most-valid user ID.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html

 5/15/2003 - kernel
   updates

   This kernel update fixes several bugs and vulnerabilities.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3259.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 5/13/2003 - shadow
   user id vulnerability

   Updated shadow package that contains a workaround for OpenSSH
   user identification problem.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3249.html

 5/14/2003 - kopete
   arbitrary code execution vulnerability

   The GnuPG plugin in kopete before 0.6.2 does not properly cleanse
   the command line when executing gpg, which allows remote attackers
   to execute arbitrary commands.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3253.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 5/9/2003 - kopete
   gnupg arbitrary code execution

   This vulnerability is in the GnuPG plugin that allows for users to
   send each other GPG-encrypted instant messages.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3247.html

 5/15/2003 - xinetd
   denial of service vulnerability

   A vulnerability was discovered in xinetd where memory was
   allocated and never freed if a connection was refused for any
   reason.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3260.html

 5/15/2003 - mysql
   root vulnerability

   In MySQL 3.23.55 and earlier, MySQL would create world-writeable
   files and allow mysql users to gain root privileges by using the
   "SELECT * INTO OUTFILE" operator to overwrite a configuration
   file, which could cause mysql to run as root upon restarting the
   daemon.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3261.html


+---------------------------------+
|  Distribution: RedHat           | ----------------------------//
+---------------------------------+

 5/13/2003 - kde
   multiple vulnerabilities

   KDE fails in multiple places to properly quote URLs and file names
   before passing them to a command shell.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3250.html

 5/14/2003 - xinetd
   denial of service vulnerability

   Updated xinetd packages that fix a security vulnerability are now
   available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3254.html

 5/14/2003 - kernel
   multiple vulnerabilities

   Updated kernel packages that fix a remote denial of service
   vulnerability in the TCP/IP stack, and a local privilege
   vulnerability, are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3255.html

 5/15/2003 - tcpdump
   privilege dropping vulnerability

   Updated tcpdump packages that correctly drop privileges on startup
   are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3262.html


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 5/14/2003 - openssh
   user id vulnerability

   The openssh immediately returns an error message if the user does
   not exist on openssh server. As a result, it is possible to check
   user's validity by measuring response time.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3256.html

========================================================================
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
========================================================================



------------------------------

From: Mark Suter <suter@zwitterion.humbug.org.au>
Subject: [HUMBUG] Next Meeting - 24th May 2003
Date: 17 May 2003 02:05:01 GMT

HUMBUG, the Home Unix Machine Brisbane Users Group, exists to get
fellow Unix users in contact with each other, to introduce people
to Unix and Unix-like operating systems, and to help users in
operating those systems.  Everyone is welcome to attend.

Meetings tend to be informal.  We socialize, discuss Unix and
computing, solve Unix problems for new and experienced users
alike, and these days have regular talks.

Date:   Saturday, 24th May 2003 (every second Saturday)

Time:   From three pm till late

Venue:  Room S201, Hawken Engineering Building (no. 50)
        The University of Queensland, St Lucia Campus

        Car Parking is currently unregulated on Saturdays.  The
        University is serviced by public transport with frequent
        buses during University terms.  For more information:

        http://www.uq.edu.au/about/locations/st-lucia.html
        http://www.uq.edu.au/maps/index.phtml?menu=1&z=2&id=25

Cost:   Membership is $15 for a full year, but no one has to join
        unless they are going to use club services such as our
        network access during meetings.

Food:   The eating places (ranging from take away to a la Carte)
        at 'The Ville' are usually open until about 10pm Saturday
        night.  There is also the Pizza Cafe on-campus near the
        Schonell Theater:

        http://www.schonell.uq.edu.au/pizza_caffe.html
        http://www.uq.edu.au/maps/index.phtml?menu=1&z=1&id=11

Drinks: Various soft drinks and snacks are available from the
        three vending machines located immediately outside the
        room.  Bring coins to take advantage of these machines!

Talks:  Information on upcoming talks is announced separately.
        For information on talks see the announcements by our
        Talks Maintainer on the announce mailing list.

For more information on club meetings and HUMBUG itself see our
web page at http://www.humbug.org.au/ or email me directly.

HUMBUG President



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: Linux-Announce-Request@NEWS-DIGESTS.MIT.EDU

You can submit announcements to be moderated via:

    Internet: linux-announce@NEWS.ORNL.GOV

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi				pub/Linux
    tsx-11.mit.edu				pub/linux
    sunsite.unc.edu				pub/Linux

End of Linux-Announce Digest
******************************
