From LWN.net: “On several occasions, webmin creates temporary files insecurely.
This can be exploited by a local attacker to overwrite or
create arbitrary files and possibly gain root privilege.”

From LWN.net: “With older versions of jazip a user could gain root access for members
of the floppy group to the local machine. The interface doesn’t run
as root anymore and this very exploit was prevented. The program now
also truncates DISPLAY to 256 characters if it is bigger, which closes
the buffer overflow (within xforms).”

From LWN.net: “PkC has reported that there is a buffer overflow in sprintf() in micq
versions 0.4.6, that allows to a remote attacker able to sniff packets
to the ICQ server to execute arbitrary code on the victim system.”

LWN.net posts the latest edition of Dr. Dobb’s weekly Python news roundup. In this issue: “Finn Bock announces Jython 2.0” … “Sean True announces a tool to migrate from ADO to MySQL” … “David Beazly publishes a CFP for O’Reilly Open Source Conference.”

– By Dan Berkes –
Corel answered some of the questions surrounding its plans for Linux this morning at a press conference in Ottawa: Corel Linux will be sold off, but flagship applications WordPerfect and CorelDraw will remain.
Company CEO Derek Burney revealed Corel’s new plans, a back-to-basics approach designed to bring the company to profitability by the third quarter of 2001.

Corel believes it can best accomplish these goals in the Linux arena by shedding its Corel Linux distribution, and focusing on the creation and improvement of “platform neutral” projects, including core cash generators WordPerfect and CorelDraw.

Citing Corel Linux’s desktop market of 14% and the company’s commitment to focus on products and strategies that provide maximum value to shareholders, Burney said, “We won’t be in the operating system business any longer.”

Burney’s comment seems to be in conflict with Corel’s official press release announcing the changes, which states that the company wants to merely “spin off” its Linux distribution, at the same time “retaining an interest” in the new prospective company.

Part of Corel’s continued interest in Linux may actually involve Microsoft’s .NET strategy. In October, the Redmond software giant invested $135 million in Corel in a deal that could partially involve blending Linux and its product base into the .NET platforms.

Furthermore, Burney announced the company would ease away from competing head-to-head against Microsoft in the office applications market. The new strategy will focus on the existing WordPerfect user base of 22 million users, including many government, medical, and legal users who have long preferred Corel’s offering. Those users can expect to see new versions of their favorite word processing application that include tighter Internet integration.

Although a source inside the company insists that a sell-off of Corel’s Linux distribution and other key assets to Linux Global Partners is virtually a done deal, Burney stated the company is still considering prospective buyers and strategies. When pressed for comment, Burney said, “There is no deal, and if there was, we would have announced it.”

In other areas, Corel announced its plans to offer its creative products on the Macintosh platform, offering new versions of Corel Painter, Bryce, KPT, and KnockOut for Apple’s new UNIX operating system, Mac OS X.

When discussing long-term plans for new markets, CEO Burney hinted that the company would consider delivering its creative products as Web services, giving some credibility to the rumors that Corel might enter the application service provider business.

Finally, Corel said it was also looking into the realm of wireless imaging products, possibly through acquisition of other companies. Further details were not available, as Burney stated that the company was more interested in “making the right decisions, and not quick decisions.”

NewsForge editors read and respond to comments posted on our discussion page.

A post at LWN.net announces the first alpha release of Python 2.1. New features include a Unicode companion to the PyObject_Str() API called, naturally enough, PyObject_Unicode(), a slew of rich comparison features, and an improvement of the xrange() object implementation.

From PRNewswire: VMWare also announced that the product is finalized and available for sale at its website.

LinuxNews.pl writes “Mobile AMD-K6 with Linux on board? It’s not what you think.
iRobot is an electronic guard of your home. It’s a robot that
you can remotely control via the Web! It has Linux on board, and it’s
very very smart. Check it out on iRobot.com“

Fairfax IT: “Staggered by declining sales and a financial loss in the last three months of 2000, Apple last week announced new high-end machines in the hope of bringing the Mac faithful back into stores.”

Wired.com: “It seems as though President Bush could use some advice about how to fix the problems on his White House website. Washington correspondent Declan McCullagh asks author and design maestro Jakob Nielsen for suggestions and a critique.”