Matthew Nicholson writes, “I have started a petition to make Blender opensource, so that through we the people, Blender may live on. Sign up here at PetitionOnline.com.”

Anonymous Reader writes: Red Hat Linux 7.3 on the way! MozillaQuest Magazine (MozillaQuest.com) reports: “It now appears that the Spring 2002 Red Hat Linux release will carry the Red Hat Linux 7.3 edition designation. Moreover, it’s likely that Red Hat Linux 7.3 will be released on or before 7 May 2002. . . . Red Hat Linux 7.3 already has been shipped to the Red Hat mirror sites.” . . . Check this MozillaQuest.com story for details & download links.”

“The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151

The Dynamic and/or Private Ports are those from 49152 through 65535″

LinuxWorld.com writes: “Microsoft’s Licensing 6.0 should make you want to avoid its software. If you can’t or won’t and want to run Office and Lotus Notes on your Linux desktop, Codeweaver’s CrossOver Office is the best way to go.”

Caldera: “Imlib versions prior to 1.9.13 would fall back to loading images
via the NetPBM package. NetPBM has various problems itself
that make it unsuitable for loading untrusted images. This
may allow attackers to construct images that, when loaded by
a viewer using Imlib, could cause crashes or potentially, the
execution of arbitrary code.”

____________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: imlib processes untrusted images
Advisory number:        CSSA-2002-019.0
Issue date:             2002 April 29
Cross reference:
____________________________________________________________________________


1. Problem Description

        Imlib versions prior to 1.9.13 would fall back to loading images
        via the NetPBM package. NetPBM has various problems itself
        that make it unsuitable for loading untrusted images. This
        may allow attackers to construct images that, when loaded by
        a viewer using Imlib, could cause crashes or potentially, the
        execution of arbitrary code.

        In addition, this version (1.9.14) also includes some further
        fixes from the imlib team.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to imlib-1.9.14-1.i386.rpm
                                        prior to imlib-devel-1.9.14-1.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to imlib-1.9.14-1.i386.rpm
                                        prior to imlib-devel-1.9.14-1.i386.rpm

        OpenLinux 3.1 Server            prior to imlib-1.9.14-1.i386.rpm
                                        prior to imlib-devel-1.9.14-1.i386.rpm

        OpenLinux 3.1 Workstation       prior to imlib-1.9.14-1.i386.rpm
                                        prior to imlib-devel-1.9.14-1.i386.rpm


3. Solution

        The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

        56ed4f4cdf53abc39ba462021496314b        imlib-1.9.14-1.i386.rpm
        743951ea75a12121f6696a57a6a4d091        imlib-devel-1.9.14-1.i386.rpm

        4.3 Installation

        rpm -Fvh imlib-1.9.14-1.i386.rpm
        rpm -Fvh imlib-devel-1.9.14-1.i386.rpm

        4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

        7f31fe77f6e8086aced4bb412b46e55c        imlib-1.9.14-1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

5.2 Packages

        de20299b700ab3918bed0c782abcd6c3        imlib-1.9.14-1.i386.rpm
        ba96a381bb7c60f20ce74b5645c02fa8        imlib-devel-1.9.14-1.i386.rpm

        5.3 Installation

        rpm -Fvh imlib-1.9.14-1.i386.rpm
        rpm -Fvh imlib-devel-1.9.14-1.i386.rpm

        5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

5.5 Source Packages

        060c0a51023524bb1681ac6b68405bd7        imlib-1.9.14-1.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

6.2 Packages

        72ab762b5b78035581fa9200cac775d7        imlib-1.9.14-1.i386.rpm
        7e918173391601c5df401be3c7644a78        imlib-devel-1.9.14-1.i386.rpm

        6.3 Installation

        rpm -Fvh imlib-1.9.14-1.i386.rpm
        rpm -Fvh imlib-devel-1.9.14-1.i386.rpm

        6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

6.5 Source Packages

        4c864ed09fd05a3740e3a8d6acab2349        imlib-1.9.14-1.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

7.2 Packages

        0e03563711a6c9902b6d7d2016a45c84        imlib-1.9.14-1.i386.rpm
        d0bbec107ff9b58d8851a0cb680bedf3        imlib-devel-1.9.14-1.i386.rpm

        7.3 Installation

        rpm -Fvh imlib-1.9.14-1.i386.rpm
        rpm -Fvh imlib-devel-1.9.14-1.i386.rpm

        7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

7.5 Source Packages

        5eed6f4ffeeebf13e266a4078bc45442        imlib-1.9.14-1.src.rpm


8. References

        Specific references for this advisory:
                none

        Caldera OpenLinux security resources:
                http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:
                http://stage.caldera.com/support/security/

This security fix closes Caldera incidents sr862212, fz520437,
        erg712001.


9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


10. Acknowledgements

        Alan Cox and Al Viro discovered and researched the
        vulnerabilities.

____________________________________________________________________________

SEUL.org’s Linux Education Report #69 is out! Find out what’s the latest in their efforts to make Linux and free software available for implementation in schools arround the world. Issues discussed this week are Microsoft’s legal claims, equivalent tools under Linux and Wintel, and more.

The Register reports that “Some reports today suggest that Microsoft witness Stuart E Madnick, a computer science professor at MIT, might have made desperate claims in court that KDE and GNOME were operating systems. This, fortunately for the good prof’s career, is not true, but he most certainly had a desperate and unsuccessful struggle with States’ attorney Kevin Hodges, and it’s worth reporting in some detail.”

O’Reilly Network: “During the Gulf War, computer hackers in Europe broke into a UNIX computer aboard a warship in the Persian Gulf. The hackers thought they were being tremendously clever — and they were — but they were also being watched… Many experts in the field of computer security used the story as proof, of sorts, that the U.S. military was asleep at the switch when it came to computer security.” Read more here.

Enterprise Linux Today writes: “Operating systems manage storage and file volumes on servers by compressing them, controlling and balancing access. The new volume management system for Linux will help make Linux capable of managing more content, files and users, larger servers and at the same time making it easier to use. With the new volume management technology, Linux is more capable of supporting the enterprise level business applications customers need.”

From Rajesh Goyal:
LinuxCertified, Inc., a leading provider of Linux training, will offer its next Linux Network Services Bootcamp, on May 18th – 19th, 2002 in San Francisco bay area (south bay). This workshop has been designed for network administrators in charge of providing key network services on Linux servers. All students get a free Linux laptop!

This bootcamp is structured along the lines of the highly successful Linux System Administration bootcamp. Students get a powerful Linux laptop at the start of the class, along with other class materials. Their goal is to create a fully functional and secure Linux server. This server will provide the most important internet services such as Web, DNS, Mail, DHCP and File serving.

Students start by putting the system securely on an intranet. They are then led by a team of network experts via carefully designed lectures and labs to configure the network services mentioned above. Students take this laptop with them as a fully configured network server to further enhance their Linux expertise.

Linux and open source network applications such as Apache, BIND, Sendmail, SAMBA etc. are the building blocks for most network services being offered today within the organizations as well as on the internet. This bootcamp enables administrators to rapidly and securely provide these services to their clients. A detailed agenda for the bootcamp is available at:

http://www.linuxcertified.com/network_services.htm l

About LinuxCertified, Inc.

The mission of LinuxCertified,Inc. is to bring Linux to mainstream IT usage. We firmly believe that Linux has an enormous potential, once it crosses over from the early adopters to the more mainstream users. Our goal is to help this transition by providing:

– Linux trained and certified professionals.
– Linux certified products that cater to mainstream users rather than early adopters.

Contact:
info@linuxcertified.com
http://www.linuxcertified.com/
1-877-800-6873(Tel.)

Linux is a registered trademark of Linus Torvalds.
All other names and trademarks are the property of their respective owners.