
Sun to drop Sawfish in favor of Metacity

Slashdot: “Cardhore writes: ‘According to this article, Sun’s and Wipro’s developers are now working on Metacity, instead of Sawfish. Metacity and Sawfish are two window managers for the GNOME desktop, and Sun has decided to use Metacity over Sawfish for GNOME 2.'” You can check out the Slashdot thread here.

Red Hat Linux Advisory: fetchmail

Red Hat: “Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1,
7.2, and 7.3 which close a remotely-exploitable vulnerability in unpatched
versions of fetchmail prior to 5.9.10.”


---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated fetchmail packages available
Advisory ID:       RHSA-2002:047-10
Issue date:        2002-03-11
Updated on:        2002-05-20
Product:           Red Hat Linux
Keywords:          fetchmail bounds
Cross references:  
Obsoletes:         RHSA-2001:103
CVE Names:         CAN-2002-0146
---------------------------------------------------------------------

1. Topic:

Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1,
7.2, and 7.3 which close a remotely-exploitable vulnerability in unpatched
versions of fetchmail prior to 5.9.10.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

3. Problem description:

When retrieving mail from an IMAP server, the fetchmail e-mail client will
allocate an array to store the sizes of the messages which
it will attempt to fetch. The size of the array is determined by the
number of messages that the server claims to have. Unpatched versions of
fetchmail prior to 5.9.10 did not check whether the number of e-mails the
server claimed was too high, allowing a malicious server to cause the
fetchmail process to write data outside of the array bounds.
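An added example (not from the Red Hat advisory and not fetchmail's own code) of the check this description says was missing: the server-claimed count is validated before it sizes the table, and every later store is bounds-checked. The function names, the `MAX_MESSAGES` cap and the idea that message numbers also arrive from the server are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical policy cap on messages handled per poll (an assumption). */
#define MAX_MESSAGES 1000000UL

/* Parse the server-claimed message count. Returns 0 on success, -1 if the
 * text is not a plain decimal number or the value exceeds the cap. */
int parse_count(const char *text, size_t *count)
{
    char *end;
    unsigned long n;

    if (text[0] < '0' || text[0] > '9')   /* rejects "", "-1", "+5", " 7" */
        return -1;
    errno = 0;
    n = strtoul(text, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > MAX_MESSAGES)
        return -1;
    *count = (size_t)n;
    return 0;
}

/* Allocate the per-message size table only after the count is validated.
 * calloc also fails cleanly if count * sizeof(int) would overflow.
 * Returns NULL for an invalid count or when there is nothing to fetch. */
int *alloc_sizes(const char *claimed, size_t *count)
{
    if (parse_count(claimed, count) != 0 || *count == 0)
        return NULL;
    return calloc(*count, sizeof(int));
}

/* Store one reported size. Message numbers are 1-based and are treated
 * here as untrusted, so each is checked against the table length. */
int store_size(int *sizes, size_t count, unsigned long msgnum, int size)
{
    if (sizes == NULL || msgnum == 0 || msgnum > count || size < 0)
        return -1;
    sizes[msgnum - 1] = size;
    return 0;
}
```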

Users of fetchmail are advised to upgrade to this errata package which is
not vulnerable to this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2002-0146 to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/fetchmail-5.9.0-9.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/fetchmail-5.9.0-9.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/fetchmailconf-5.9.0-9.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/fetchmail-5.9.0-9.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/fetchmailconf-5.9.0-9.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/fetchmail-5.9.0-9.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/fetchmailconf-5.9.0-9.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/fetchmail-5.9.0-10.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/fetchmail-5.9.0-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/fetchmailconf-5.9.0-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/fetchmail-5.9.0-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/fetchmailconf-5.9.0-10.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/fetchmail-5.9.0-10.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/fetchmail-5.9.0-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/fetchmailconf-5.9.0-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/fetchmail-5.9.0-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/fetchmailconf-5.9.0-10.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/fetchmail-5.9.0-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/fetchmailconf-5.9.0-10.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/fetchmail-5.9.0-11.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/fetchmail-5.9.0-11.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/fetchmailconf-5.9.0-11.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/fetchmail-5.9.0-11.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/fetchmailconf-5.9.0-11.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/fetchmail-5.9.0-11.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/fetchmail-5.9.0-11.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/fetchmailconf-5.9.0-11.i386.rpm



7. Verification:


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

http://tuxedo.org/~esr/fetchmail/NEWS
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146



Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

Category:

  • Security

Trial date set for ElcomSoft case

C|Net: “The first criminal trial under the Digital Millennium Copyright Act (DMCA) is scheduled to start Aug. 26 in San Jose, Calif., federal court… The Russian software company [ElcomSoft] is charged with violating criminal provisions of the DMCA by providing software that could be used to crack copyright protections on Adobe Systems’ e-books.”

Senate panel OKs security standards

C|Net News reports that “the Senate Commerce Committee has approved a bill that would create a set of ‘best practices’ for computer security for federal departments and agencies, among other things.”

Category:

  • Security

Linux-related Spanish comic strip now available in English

By Norbert Cartagena

Since 2001, the es.comp.os.linux (ECOL) mailing list has had the pleasure of reading a slapsticky, snide Open Source-themed comic strip by GonzoTBA. Unfortunately for most of our readers, the strip was available in Spanish only. Until now. But does it deliver in English as well as it does in Spanish?
The world of Open Source software is a place where information freely flows
from denizen to denizen, available to any who cares and dares to look for
it. This set of ideas has successfully created a sub-culture that has over
time developed its own identity, its members generally sharing a set of views
and values that can over time become stronger than the confines of their
nation’s borders. The sense of humor of this sub-culture has developed a life
of its own, including a number of comic strips based on the life from the
eyes of its members. The most famous example of this is, of course, Illiad’s
User Friendly.

Recently, another
comic strip made its debut, at least to the English-speaking world. The Dilbert-like strip is written
in Spain and comes to us via the es.comp.os.linux
newsgroup
(ECOL’s home page is in Spanish). The comic strip, created
by GonzoTBA, doesn’t officially have a name, so I’ll refer to it simply
as the ECOL comic strip (sp).
Note: all links to the comic strip will go to the English version
of the strip. The Spanish version link will be denoted with “sp.”

The ECOL comic strip is based on the lives of two characters, Bilo and
Nano. Bilo is a Linux geek, a member of the es.comp.os.linux mailing list.
He runs Debian, IceWM, is a fervent user of Vim (he strives to understand why
people use Emacs), and enjoys getting his little “pet” robot high on FreeBSD.
His roommate is Nano, your above-average, porn-addicted Windows user. The
ECOL comic strip takes a humorous look at Linux, its newsgroups, SPAM, computers
in general, life, death, and sex (well, mostly porn).

The comic strip uses a variety of common situations within the lives of
Linux users to create a humorous look at the world that surrounds most of
us in this community. Like other comic strips, it can sometimes get a bit outlandish,
but generally stays in the realm of plausibility. GonzoTBA has a habit of
using more graphic language and content than I’m used to in my comic strips,
but I have to admit, it had me laughing out loud a number of times. With
episodes about the eternal Vi vs. Emacs debate
(sp), graphics vs. command line (sp), and, of course,
distro wars (sp), anyone familiar
with the culture of the Linux world will find this very amusing.

Provided you know Spanish…

The transition over to English has not been a particularly smooth one.
A number of episodes rely heavily on the sounding out of letters or words,
word connotations and cultural understanding. Unfortunately, that doesn’t
bode well for the translations. About half of the episodes are universal (sp) in their scope and
funny in any language. The other half, however, just don’t make much sense
in English
(sp).
A second problem is that, using the current translation method, some of
what is side-splittingly funny in Spanish is only mildly humorous in English.
The author (or the translator) attempts to alleviate this by sometimes changing
the strip to suit the need of the language, but although this looks promising,
it still has a ways to go.

Overall, the comic strip should be enjoyable to both English and Spanish
readers. English-only readers, however, might have a hard time understanding
some of it. This might push away some first-time English readers, but if we can expect some improvement in the translation, this strip could become a long
standing favorite of many in the Linux community. For now, perhaps BarraPunto.org should start linking
to the comic.

Category:

  • Management

Free Software for all: What is it?

FreePhile has an article aimed at those new to the concept of Free Software. “There has been a revolution taking place in the world of information and technology ever since the internet first became a reality. Curious, intelligent and generous people across the planet have banded together in groups both large and small to share ideas over the internet. Their goal: to create software that is available for free like the air we breathe.”

MS licensing: Pay now or pay more later

ZDNet notes that companies may want to cave into Microsoft’s strong-armed licensing tactics now, because it’ll cost more later. What a choice!

Microsoft turns it up at Open Source forum

From NZHerald.co.nz: “Five Microsoft staffers raised eyebrows by attending a public presentation on open source software at a New Zealand Computer Society Auckland branch meeting last week.” Not a lot of insight into the debate between Open Source and proprietary software, but the comments by Microsoft people are odd.

Category:

  • Open Source

Free vs. Open Source

PCPlus has a column expounding on the difference between Open Source and Free Software based on two sit-down conversations between Richard Stallman and Eric Raymond. We talked of the fundamental difference between Richard’s ‘free software’ and Eric’s ‘open source’. In this context, says Stallman, ‘open source’ and ‘free’ describe the same thing, but they say very different things about it. “Free software is not ‘Just for fun’ or because it creates good code,” says Stallman. “Free software is a principle.” Eric and Richard have known each other for 20 years. “There are little tensions sometimes,” Eric has told journalists, “but we do talk. There wasn’t any tension before I got famous. That made things a little complicated.”

Category:

  • Migration

Tonight on the Linux Show: Kidney stones and other pains

jeff writes, “Tuesday, May 21st, 2002, from the home of Wayne’s World, Aurora IL,
Tonight LIVE on
www.thelinuxshow.com at 6pm pt, 7pm mt, 8pm ct, and 9pm et…. Kevin Hill, Jeff Gerhardt, Doc
Searls (Linux Journal), Arne Flones and Russ Pavlicek; have another strange and wonderful show lined up tonight on The Linux Show!!

Well Maybe. We had a very busy week for news, so no time for a guest. We will let loose the dogs of war and see where the proverbial chips fall. We are ALL NEWS tonight.

Please join us on the show, and check our IRC Chat(irc.thelinuxshow.com
#linuxshow).
Remember tune in at 6pm pt, 7pm mt, 8pm ct, and 9pm et. NOTE: we are now on
Daylight Saving Time in the US.
Catch the Linux show at www.thelinuxshow.com