“Insecurely-structured calls to syslog() found in certain versions of
Stunnel (prior to version 3.9) pass user-supplied data to the syslog()
function in such a way that maliciously embedded format specifiers in
this data can cause the process to overwrite sections of its own
memory with arbitrary data.” Full details at SecurityFocus.

Linux Journal reviews Richard Monson-Haefel’s Enterprise JavaBeans, Second Edition.

LWN.net has the details of Red Hat’s Zope fix.

From this week’s update, posted at LWN.net: “Effective today, 0.4.1 has been released, and it incorporates fixes to
a couple of bugs from 0.4.0. If you haven’t gotten it yet, and you
aren’t heavily invested in your 0.4.0 install yet, make life easier
for yourself–download the RPMs for 0.4.1 and install those.”

From LWN.net: “Continuing the popular tradition of our 1998 and 1999 Linux Timelines, here is our attempt to summarize what has happened in the Linux world over the last year.”

The tenth issue of LyX Development News is now online at LyX.org.

The final candidate for 1.4 should arrive this week, a nightly build system has been instituted, and news about Midgard 2.0, all in this week’s edition of MWS as posted to LWN.net.

LinuxDevices has posted a message from one of Indrema’s PR people, clarifying the certification process for third-party game developers, and hinting at a possible release date.

Posted to LWN.net: “A potential security issue exists in versions of Zope up to and
including 2.2.4. This issue involves incorrect protection of a data
updating method on Image and File objects. Because the method was not
correctly protected, it was possible for users with DTML editing
privileges to update the raw data of a File or Image object via DTML
though they did not have editing privileges on the objects themselves.
This update replaces the previous Zope update noted in MDKSA-2000:083.”

LinuxWorld’s Lee Anderson takes a look at ten popular games available for Linux, incuding Heavy Gear II, Freeciv, and Sim City 3000.