
GNOME 2.0 Desktop Beta 4 released

From Linux Today: “The GNOME 2.0 Desktop Beta 4 release, ‘Thank You,’ is ready for your bug-busting and testing pleasure!”

Category:

  • Linux

The trouble with Vorbis

From Kuro5hin: “Ogg Vorbis may be the holy grail of patent-free audio compression, but there are some serious issues blocking its path to widespread acceptance. Unfortunately most of us are powerless to correct the situation; the problems must be addressed by Vorbis’ creators.”

Linux mainframe grandfather: Several companies are proving Linux’s worth

By Grant Gross
At age 28, Boas Betzler is known at IBM as the “grandfather” of Linux on the mainframe. In mid-1998, he began a port of Linux to the IBM zSeries, and he’s shepherded the Linux mainframe project from the beginning to the first shipments.
In porting Linux to an IBM mainframe, Betzler went against the grain both internally at IBM, where many saw Linux as a competitor to IBM’s own mainframe operating system, and among many analysts outside of IBM, who suggested the port wasn’t possible without a huge investment.

Betzler’s “fun” project has helped IBM record double-digit revenue growth for the first time in more than a decade, “driven in significant part by Linux on the mainframe and its ability to consolidate literally hundreds of Sun and HP
servers for customers seeking savings on energy, floor space and management
costs,” according to IBM’s PR team. In the fourth quarter of 2001, 11 percent of the mainframe computing capacity shipped by IBM was slated for Linux applications.

Linux on the mainframe remains controversial. In late February, Shahin Khan, chief competitive officer at Sun Microsystems wrote a position paper, Linux on the Mainframe — Not a Good Idea. In the paper, Khan basically argued Linux was the wrong tool for the job on a mainframe.

Khan’s paper prompted a response from SWsoft chief scientist Alexander Tormasov and a response to the response by Khan earlier this month.

Betzler, now a member of IBM’s Linux Technology Center, is the lead strategist for
embedded Linux. We asked Betzler, part of IBM’s senior technical staff, about that controversy, about his original idea of porting Linux to the mainframe, and about where he sees Linux going in the future. [One note: His answers were run through IBM PR before getting to us.]

Question: What made you think that Linux would be a good idea on a mainframe?

Betzler: I knew the mainframe was years ahead of other servers in terms of
reliability and scalability. It became clear that this world-class server
needed a world-class operating system to run the new applications that make
up the Internet. Linux was the obvious choice since it had already proven
to be portable and ubiquitous. Additionally, university students were
becoming increasingly well versed in Linux. When you grow up with personal
computers and UNIX systems, you just expect to get the same look and feel on
the big servers. That is what Linux offers for the mainframe.

The partitioning and virtualization of the mainframe opens up a whole new
world. With these capabilities, several hundred operating system images can
run parallel to one another on the same box. IBM’s experience in the server
field has allowed us to consolidate a soccer field full of servers into
logical images on a single box.

Question: What’s the advantage of Linux on a mainframe over other OSes?

Betzler: Linux is a straight-forward implementation of a UNIX-like operating
system. Linux developers optimize for performance. The traditional mainframe
operating systems are much richer from a functional standpoint, include more
service features and provide cleaner isolation between the processes in a
single operating system image. With Linux, mainframe users now have a choice
to enable people with UNIX skills to deploy Internet applications or
consolidate servers. If they want to run a mission critical transaction
system or build a large, clustered, single image database, however, they
will probably choose z/OS.

Question: How long did it take to get Linux working on a mainframe? How many
people were on your team?

Betzler: When we started the project, we already had a working version of the GNU compiler that produced code for the mainframe architecture. It took us about
six months to port most of the kernel to the stage where we could see the first
kernel messages on a local console. About two months later, we had the first
user processes running. The first port was done by five excellent coders who
did most of the work in their free time. They were amazing. One Monday,
one of our coders told me that he had ported the complete GNU assembler over
to the mainframe architecture over the weekend, a job we had previously
dismissed because I thought it would be a major effort. We had a proprietary
assembler before that, but as he said, “Why shouldn’t I do the work if it
only takes me a day?”

Question: How much resistance did you get to the idea from internal IBM people?
How much convincing was needed to get the go-ahead with the project, and
then to actually market Linux on mainframes?

Betzler: In the beginning it was clearly a skunk work project and operated under the cover of senior technical people who gave us the opportunity to prove
the feasibility of the project. Many experienced people told us that the
project was doomed for technical reasons, or [who] maintained it wouldn’t be
attractive to customers. It required a year of strong conviction and
creative approaches to drive the project through the company. When the
project was shared with the community, however, we experienced hundreds of
downloads within the first few days. IBM is a customer-driven company, so
when we recognized the interest, we moved forward. We are not a company to
sit back and protect our old business model. We are focused on the
marketplace and go where our customers go.

Question: What was your response to the recent statements coming out of Sun that
say Linux on a mainframe doesn’t make sense?

Betzler: They say they have a business case that Linux on mainframes doesn’t
work. Well, this is a surprise, because IBM and many other independent
consultants and consulting groups have business cases that show it does.

The key difference between Sun and IBM is not Linux on the mainframe, it is
IBM’s commitment to Linux. From Intel thin servers, to department servers,
to RISC-based enterprise and mainframe class servers, IBM has committed and
delivered Linux support across its entire range of hardware.

Question: What are you working on now? Working on embedded Linux must feel a lot different than porting Linux to mainframes.

Betzler: I feel changing your point of view from time to time is important. Now I am focused on making Linux a better fit for constrained devices and purpose
optimized systems. It’s true, cell phones, wrist watches and game stations
are very different from mainframes. But the beauty of Linux is that I can
deploy the skills I have already acquired. And of course the reuse of
components and functions allows you to avoid re-implementing the same
function over and over again.

Question: Your bio says you’re “one of the key players who turned the whole company into a new direction.” How’s it feel to have helped IBM make this big change
to embrace Linux?

Betzler: I always knew that Linux on the mainframe would make sense. But the
impact that my work had still amazes me. It also demonstrates how much this
company has changed and how its technical community offers young people
exciting opportunities. Above all, it is pretty cool and a lot of fun.

Question: Do you see other places where Linux isn’t widely used that could be new
markets for Linux?

Betzler: We all know that small devices will become more powerful and useful over the next couple of years. Information devices like PDAs, cell phones and
alternative clients all need an operating system as infrastructure. Linux
can be used to power these devices and is already used in PDAs and storage
appliances.

Question: What do you see as the next big push for Linux?

Betzler: Short term, I see many servers being used as appliances and these
appliances turned into computing utilities. The focus on these systems is
not the system software but the application, the service it provides. The
more developers have to focus on real functional value in the application,
the more they will pick a commodity operating system that follows open
standards. Linux is that operating system. The next step will come when
Linux is deployed on consumer devices like digital video recorders or game
stations or even part of appliances like soda machines.

Category:

  • Linux

SuSE Linux To Distribute Sun’s Grid Engine Software

From InternetNews.com: “Sun Microsystems’ Grid Engine 5.3 software will be distributed by SuSE Linux in the new release of SuSE Linux 8.0 Professional Edition, a move Sun hopes will end what it calls misperceptions about its Grid Engine software.”

Category:

  • Linux

Thai tales: taking computers to schools

From Linux Journal: “GNU/Linux is helping take the benefits of computing to schools in Thailand, as Frederick Noronha finds out.”

Category:

  • Linux

Agenda VR3 compatible Linux PDA to sell for $105

Anonymous Reader writes “Softfield Technologies (Toronto, Canada) has announced the availability of a Linux PDA that is compatible with the discontinued Agenda VR3. Softfield has added options for 16MB RAM and Ethernet/USB expansion. More at LinuxDevices.com.”

Category:

  • Linux

GNOME Digest, April 24, 2002

GNOME: GNOME Digest for April 24 is out. Packages discussed include orbit-tools 0.1, pygtk-1.99.9, Gabedit 1.1.0, and more.


Application
===========

orbit-tools 0.1

Description
===========

package of command line applications for ORBit2 

Enhancements
============

- initial release, 
- documentation existing as AbiWord documents. 
- iordump: dumps stringified object references onto terminal, original 
  code from /ORBit2/work/ORBit2-2.3.106/test/ior-decode.c
- iorping: given a stringified object reference, continuous locate
  requests are sent to associated object. Supports subset of "ping"
  parameters as preload, interval and counting.

Todo
====

- Convert documentation (currently AbiWord format) to troff.
  Add dependencies and installation instructions to Makefiles.

Download
========

http://user.cs.tu-berlin.de/~frehberg/orbit-tools/

_____________________________________________

pygtk-1.99.9


I have just uploaded pygtk-1.99.9.  It should be available from:
  ftp://ftp.gtk.org/pub/gtk/python/v2.0/pygtk-1.99.9.tar.gz
  ftp://ftp.gnome.org/pub/GNOME/earthquake/sources/pygtk/pygtk-1.99.9.tar.gz

A new gnome-python release to accompany this pygtk release should 
be ready shortly.

PyGTK is a set of bindings for the GTK+ 2.0 widget set, and related 
libraries.  New stuff in this release includes:

    * code generator updates.  I refactored the code generator a fair
      bit to make code generation for GObjects, interfaces, boxed and
      pointer types all go through the same code paths.  This shortened
      the codegen.py script significantly, and makes it easier to extend
      it later on.
    * h2def.py script doesn't get a stack overrun exception trying to
      process the comments in atkobject.h any more (I got rid of the
      regexp comment removal code).
    * many updates to the defs files to bring them into line with the
      gtk 2.0 release (me, Johan Dahlin, Matt Wilson)
    * fix up an invalid DECREF in gtk.glade.XML.signal_autoconnect(),
      which was causing all kinds of weird errors for people using the
      libglade wrapper.
    * add gtk.glade.bindtextdomain() function for setting the C level
      gettext translation domain.  This allows people to use translated
      glade interfaces from python.  Note that this function is roughly
      equivalent to the locale.bindtextdomain() function that will be in
      the Python 2.3 release. (Matt Wilson)
    * Initial port of GtkGLArea module (OpenGL widget).  (Xavier Ordoquy)
    * add wrappers for many functions not handled by the code generator
      (me, Johan Dahlin, Matt Wilson)
    * makefiles for building pygtk with MSVC on win32 (Hans Breuer)


James.

-- 
Email: james@daa.com.au
WWW:   http://www.daa.com.au/~james/
_____________________________________________

Gabedit 1.1.0


Application
===========

Gabedit 1.1.0

Description
===========

Gabedit is a Graphical User Interface for Molpro2000 and Gaussian 98,
written in C, and based on GTK+.

Download
========

http://lasim.univ-lyon1.fr/allouche/gabedit/download.html
_____________________________________________

Enlightened Sound Daemon 0.2.25


Enlightened Sound Daemon "Arggg, I've been pushed as maintainer" 0.2.25 is
out

Description
===========

EsounD (the Enlightened Sound Daemon) is a server process that allows
multiple applications to share a single sound card.

Enhancements
============

- add support for ALSA 0.9 (patch from Santiago Otero
<siryurian@terra.es>)(bug #76613)

Fixes
=====

- remove socket/socket directory before exiting when sound device can't be
open (bug #78736)

- various build fixes (James Henstridge, Laszlo Peter, jacob berkman, Chris
Chabot, Mark McLoughlin)

Download
========

ftp://ftp.gnome.org/pub/GNOME/stable/sources/esound/esound-0.2.25.tar.gz
ftp://ftp.gnome.org/pub/GNOME/stable/sources/esound/esound-0.2.25.tar.bz2

_____________________________________________

Balsa balsa-1.3.5

Application
===========

Balsa balsa-1.3.5

Description
===========

Balsa is an email client for GNOME. It supports POP3, IMAP,
local folders, and goodies like multithreading.

handling,numerous UI improvements, some new command line
options and several bugs

Enhancements
============

- new mailboxes scanned in a thread.
- improved message include function.
- preserve References: headers over message postpone.

Fixes
=====

- protect ESMTP passwords and pass-phrases.
- number of crashes and other bugs fixed.

Download
========
http://balsa.gnome.org/download.html

Category:

  • Open Source

Fears about Microsoft return, in Mexico

New York Times: “Last week, Microsoft agreed to support the e-Mexico project, a government initiative to bring Internet access within reach of 9 of 10 Mexicans by the end of the six-year presidential term of Vicente Fox…. Many Mexican technology companies hoped that Mr. Fox would use e-Mexico to help promote open-source software in the country.” Free sign-up required to read this story.

Debian Weekly News – April 24th, 2002

Debian: Debian Weekly News for the week of April 24th is out. Subjects covered include why XFree86 4.2 isn’t included in Woody, Hurd, activating keys on extended keyboards, and more.


---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2002/17/
Debian Weekly News - April 24th, 2002
---------------------------------------------------------------------------

Welcome to this year's seventeenth issue of DWN, the weekly newsletter
for the Debian community. Since the Debian project joined (is planning
to join) [1]OASIS (Organization for the Advancement of Structured
Information Standards) we will keep an eye on them. One thing that was
reported last week covered IBM's [2]patent reservation which would
render ebXML (an open standard for electronic transactions and
business collaboration) useless. However, later IBM [3]clarified the
issue.

 1. http://www.oasis-open.org/
2. http://lists.oasis-open.org/archives/ebxml-cppa/200203/msg00155.html
3. http://lists.ebxml.org/archives/ebxml/200204/msg00004.html

Debian GNU/FreeBSD Base Tarball. Nathan Hawkins recently [4]announced
a new base tarball for those of you who would like to see Debian
GNU/FreeBSD live. A whole bunch of packages had to be [5]modified for
this purpose, but the work seems to be worth it. People should also
check the [6]status of this port.

 4. http://lists.debian.org/debian-bsd-0204/msg00021.html
5. http://people.debian.org/~utsl/freebsd-i386/patched/
6. http://people.debian.org/~utsl/freebsd-i386/status.html

Say Thanks. As a reaction to the most recent [7]flamebait Sean Perry
[8]noted, that we should say thanks to the people who make our day
easier. He says, that just mailing out a big "thank you, your work is
used every day and I love it" is worth more than anything.

 7. http://lists.debian.org/debian-devel-0204/msg01289.html
8. http://lists.debian.org/debian-devel-0204/msg01316.html

Why XFree86 4.2 Isn't in Woody. As another reaction to the most recent
[9]flamebait on missing XFree86 4.2 packages Branden Robinson sent an
[10]article to the list. He explains that he has been busy with
getting 4.1.x stable, which has to run on no less than 11
architectures. [11]XFree86 doesn't test or prepare distribution
tarballs for several of these architectures. Hence, Debian is the de
facto portability laboratory for XFree86 on Linux.

 9. http://lists.debian.org/debian-devel-0204/msg01289.html
10. http://lists.debian.org/debian-devel-0204/msg01343.html
11. http://www.xfree86.org/

Hurd Ceased? Some people may have noticed that all packages from the
hurd-i386 architecture have been removed recently. Don't worry too
much, since Jeff Bailey [12]requested this, so the Hurd team can start
uploading packages with the new [13]ABI (Application Binary
Interface), the interface by which an application program gains access
to operating system and other services. It's probably best to wipe out
your existing Hurd system and re-install it. No effort has been made
to make this an easy transition.

 12. http://lists.debian.org/debian-hurd-0204/msg00096.html
13. http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?ABI

Activating Keys on Extended Keyboards. It's a frequently asked
question from laptop owners: How is one supposed to make use of
additional keys? If the Linux kernel and XFree86 generate key codes
for them, [14]hotkeys or just plain [15]xmodmap may be helpful. If
Linux doesn't know about the keys, you'll have to go [16]patching the
kernel first.

 14. http://lists.debian.org/debian-laptop-0204/msg00369.html
15. http://lists.debian.org/debian-laptop-0204/msg00376.html
16. http://fake.by-infonet.de/laptop/

Potato's Fate? Several users [17]wondered what will happen to Debian
2.2 alias Potato when Woody has been released. Those who have slow or
small machines that run Potato just fine, may be reluctant to upgrade
to Woody, since Woody requires more space and more powerful machines
than Potato. One thing is certain, once Woody is released, the Potato
release will be moved to the [18]archive where other old releases like
buzz, rex, bo, hamm and slink are saved. The security team might
support the old stable release for a while after Woody has been
released, but it would be better not to depend on that, revealed Josip
Rodin.

 17. http://debianplanet.org/article.php?sid=646
18. ftp://archive.debian.org/debian-archive/dists/

New or Noteworthy Packages. The following packages were added to the
Debian archive recently or contain important updates.

 * [19]archivemail -- Archive and compress your old email.
 * [20]asnparser -- ASN.1 to C/C++ converter.
 * [21]bins -- Generate static HTML photo albums using XML and EXIF
   tags.
 * [22]gpsdrive -- Car navigation system.
 * [23]iodbc -- GTK config frontend for the iODBC Driver Manager.
 * [24]kmplot -- KDE function plotter.
 * [25]mpb -- MIT Photonic-Bands.
 * [26]odontolinux -- Dental office management software (PHP4 +
   PostgreSQL).
 * [27]ohphone -- Command line H.323 client with X, SVGA and SDL
   support.
 * [28]openam -- H.323 answering machine.
 * [29]openmcu -- H.323 conferencing server.
 * [30]pygfarm -- Collection of add-on modules for Pygopherd.
 * [31]python-dns -- DNS client module for Python.
 * [32]switchconf -- Change network config for laptops.
 * [33]sylpheed -- Light weight e-mail client with GTK+.
 * [34]turba -- A web based contact manager.
 * [35]ucstring -- Unicode support for eiffel.
 * [36]webcamd -- Capture images from video devices.

 19. http://www.debian.org/Packages/unstable/mail/archivemail.html
20. http://www.debian.org/Packages/unstable/devel/asnparser.html
21. http://www.debian.org/Packages/unstable/web/bins.html
22. http://www.debian.org/Packages/unstable/utils/gpsdrive.html
23. http://www.debian.org/Packages/unstable/misc/iodbc.html
24. http://www.debian.org/Packages/unstable/math/kmplot.html
25. http://www.debian.org/Packages/unstable/science/mpb.html
26. http://www.debian.org/Packages/unstable/web/odontolinux.html
27. http://www.debian.org/Packages/unstable/comm/ohphone.html
28. http://www.debian.org/Packages/unstable/comm/openam.html
29. http://www.debian.org/Packages/unstable/comm/openmcu.html
30. http://www.debian.org/Packages/unstable/net/pygfarm.html
31. http://www.debian.org/Packages/unstable/interpreters/python-dns.html
32. http://www.debian.org/Packages/unstable/utils/switchconf.html
33. http://www.debian.org/Packages/unstable/mail/sylpheed.html
34. http://www.debian.org/Packages/unstable/web/turba.html
35. http://www.debian.org/Packages/unstable/libs/ucstring.html
36. http://www.debian.org/Packages/unstable/net/webcamd.html

Orphaned Packages. 7 packages were orphaned this week and require a
new maintainer. This makes a total of 88 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the [37]WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.

 37. http://www.debian.org/devel/wnpp/

* [38]chos -- Easy Boot loader with a Boot-Menu. ([39]Bug#143650)
 * [40]ditty -- Allows you to play melodies from your built-in
   speaker. ([41]Bug#143758)
 * [42]gkermit -- A serial and network communications package..
   ([43]Bug#143652)
 * [44]gnuhtml2latex -- A Perl script that converts html files to
   latex. ([45]Bug#143681)
 * [46]hermes1 -- The Hermes pixel-format library. ([47]Bug#143651)
 * [48]kascade -- Client for Kascade, a distributed Open directory
   search-engine. ([49]Bug#143759)
 * [50]zope-pygresqlda -- A Zope Database Adapter for PostgreSQL.
   ([51]Bug#142845)

 38. http://packages.debian.org/unstable/admin/chos.html
39. http://bugs.debian.org/143650
40. http://packages.debian.org/unstable/games/ditty.html
41. http://bugs.debian.org/143758
42. http://packages.debian.org/unstable/comm/gkermit.html
43. http://bugs.debian.org/143652
44. http://packages.debian.org/unstable/text/gnuhtml2latex.html
45. http://bugs.debian.org/143681
46. http://packages.debian.org/unstable/libs/hermes1.html
47. http://bugs.debian.org/143651
48. http://packages.debian.org/unstable/net/kascade.html
49. http://bugs.debian.org/143759
50. http://packages.debian.org/stable/web/zope-pygresqlda.html
51. http://bugs.debian.org/142845

Got News? Please inform us about everything that is happening in the
Debian community. We are always looking for any interesting stories to
add, especially new items by volunteer writers, and topics we tend to
miss. We're looking forward to receiving your mail at
[52]dwn@debian.org.

 52. mailto:dwn@debian.org


-- 
To UNSUBSCRIBE, email to debian-news-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Category:

  • Open Source

Red Hat security advisory: sudo, icecast

Red Hat: “Updated sudo packages are available which fix a local root exploit… Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can
be exploited to allow a local attacker to gain root privileges.”


---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated sudo packages are available
Advisory ID:       RHSA-2002:071-07
Issue date:        2002-04-22
Updated on:        2002-04-25
Product:           Red Hat Linux
Keywords:          sudo off-by-five heap local root
Cross references:  RHSA-2002:072
Obsoletes:         RHSA-2002:011
---------------------------------------------------------------------

1. Topic:

Updated sudo packages are available which fix a local root exploit.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, ia64

3. Problem description:

The sudo (superuser do) utility allows system administrators to give certain
users the ability to run commands as root with logging. 

Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can
be exploited to allow a local attacker to gain root privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2002-0184 to this issue.

Users of Sudo are advised to upgrade to these errata packages which are
not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/sudo-1.6.5p2-1.7x.1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/sudo-1.6.5p2-1.7x.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/sudo-1.6.5p2-1.7x.1.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/sudo-1.6.5p2-1.7x.1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/sudo-1.6.5p2-1.7x.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/sudo-1.6.5p2-1.7x.1.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/sudo-1.6.5p2-1.7x.1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/sudo-1.6.5p2-1.7x.1.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/sudo-1.6.5p2-1.7x.1.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/sudo-1.6.5p2-1.7x.1.ia64.rpm


7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
201ca524c0fee5d58bb7861f0e4bae4c 7.0/en/os/SRPMS/sudo-1.6.5p2-1.7x.1.src.rpm
feee2f8fdbc9b07a3e6453d8ee615253 7.0/en/os/alpha/sudo-1.6.5p2-1.7x.1.alpha.rpm
11e39dde06b2754e9ceebfdddebed049 7.0/en/os/i386/sudo-1.6.5p2-1.7x.1.i386.rpm
201ca524c0fee5d58bb7861f0e4bae4c 7.1/en/os/SRPMS/sudo-1.6.5p2-1.7x.1.src.rpm
feee2f8fdbc9b07a3e6453d8ee615253 7.1/en/os/alpha/sudo-1.6.5p2-1.7x.1.alpha.rpm
11e39dde06b2754e9ceebfdddebed049 7.1/en/os/i386/sudo-1.6.5p2-1.7x.1.i386.rpm
56c5d655612194063d0ecec4e90816a9 7.1/en/os/ia64/sudo-1.6.5p2-1.7x.1.ia64.rpm
201ca524c0fee5d58bb7861f0e4bae4c 7.2/en/os/SRPMS/sudo-1.6.5p2-1.7x.1.src.rpm
11e39dde06b2754e9ceebfdddebed049 7.2/en/os/i386/sudo-1.6.5p2-1.7x.1.i386.rpm
56c5d655612194063d0ecec4e90816a9 7.2/en/os/ia64/sudo-1.6.5p2-1.7x.1.ia64.rpm 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184
http://www.globalintersec.com/adv/sudo-2002041701.txt


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.



---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated icecast packages are available
Advisory ID:       RHSA-2002:063-05
Issue date:        2002-04-11
Updated on:        2002-04-24
Product:           Red Hat Powertools
Keywords:          icecast buffer overflow DoS long get request
Cross references:  
Obsoletes:         RHSA-2001:004
---------------------------------------------------------------------

1. Topic:

Updated icecast packages are available which fix a number of security issues.

2. Relevant releases/architectures:

Red Hat Powertools 7.0 - alpha, i386

Red Hat Powertools 7.1 - alpha, i386

3. Problem description:

Icecast is a mp3-based broadcasting system. Buffer overflows in Icecast
1.3.11 and earlier allow remote attackers to execute arbitrary code via a
long HTTP GET request. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned the name CAN-2002-0177 to this issue.

Additional buffer overflow vulnerabilities exist in previous versions of
Icecast that are also fixed by this update.  These vulnerabilities can
cause denial of service attacks as well as arbitrary code execution. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned
the names CAN-2001-0784, CAN-2001-1083, CAN-2001-1229, and CAN-2001-1230 to
these issues.

Users of Icecast are advised to update to the errata packages containing
Icecast 1.3.12 which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

6. RPMs required:

Red Hat Powertools 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/powertools/SRPMS/icecast-1.3.12-1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/powertools/alpha/icecast-1.3.12-1.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/powertools/i386/icecast-1.3.12-1.i386.rpm

Red Hat Powertools 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/powertools/SRPMS/icecast-1.3.12-1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/powertools/alpha/icecast-1.3.12-1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/powertools/i386/icecast-1.3.12-1.i386.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
baaf27a3908bfa01191452e3f4fc9c08 7.0/en/powertools/SRPMS/icecast-1.3.12-1.src.rpm
135f94bf2781ffe7ca1d5d19a4fc7e6a 7.0/en/powertools/alpha/icecast-1.3.12-1.alpha.rpm
50d6273850643032246b3a98d03ef61d 7.0/en/powertools/i386/icecast-1.3.12-1.i386.rpm
baaf27a3908bfa01191452e3f4fc9c08 7.1/en/powertools/SRPMS/icecast-1.3.12-1.src.rpm
135f94bf2781ffe7ca1d5d19a4fc7e6a 7.1/en/powertools/alpha/icecast-1.3.12-1.alpha.rpm
50d6273850643032246b3a98d03ef61d 7.1/en/powertools/i386/icecast-1.3.12-1.i386.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0177


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
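
Both advisories above pair a "7. Verification" MD5 table with the wildcard form of `rpm -Fvh`. The script below is an added example, not part of the Red Hat advisories: it refuses the wildcard install unless every *.rpm in the directory is listed in the table with a matching MD5. The function names are hypothetical, GNU `md5sum` is assumed, and the sample package is constructed. An MD5 match only detects corruption; `rpm --checksig` against Red Hat's key remains the authenticity check.

```shell
#!/bin/sh
# Added example: gate "rpm -Fvh *.rpm" on an advisory's "7. Verification" table.
# Assumes GNU md5sum; function names are hypothetical, not Red Hat tooling.

# Print unique "md5 basename" pairs found in a saved advisory text file.
advisory_md5_table() {
    # Table rows look like: <32 lowercase hex chars> <release/path/pkg.rpm>
    awk '$1 ~ /^[0-9a-f]+$/ && length($1) == 32 && $2 ~ /\.rpm$/ {
             n = split($2, parts, "/")
             print $1, parts[n]
         }' "$1" | sort -u
}

# Usage: verify_rpm_dir ADVISORY_TXT PKG_DIR
# Returns 0 only if at least one RPM is present and every RPM in PKG_DIR
# is listed in the advisory with the MD5 computed locally.
verify_rpm_dir() {
    advisory=$1
    dir=$2
    table=$(advisory_md5_table "$advisory")
    checked=0
    bad=0
    for f in "$dir"/*.rpm; do
        [ -f "$f" ] || continue              # glob matched nothing
        name=${f##*/}
        actual=$(md5sum "$f" | awk '{print $1}')
        checked=$((checked + 1))
        if printf '%s\n' "$table" | grep -qxF "$actual $name"; then
            echo "OK        $name"
        elif printf '%s\n' "$table" |
             awk -v n="$name" '$2 == n {found = 1} END {exit !found}'; then
            # Listed in the advisory, but the local file hashes differently.
            echo "MISMATCH  $name (got $actual)"
            bad=$((bad + 1))
        else
            # A stray package the wildcard would have picked up.
            echo "UNLISTED  $name"
            bad=$((bad + 1))
        fi
    done
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demonstration: a fake "package" and a one-row advisory table.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed payload, not a real RPM\n' > "$tmp/example-1.0-1.i386.rpm"
    sum=$(md5sum "$tmp/example-1.0-1.i386.rpm" | awk '{print $1}')
    printf '%s 7.0/en/os/i386/example-1.0-1.i386.rpm\n' "$sum" > "$tmp/advisory.txt"

    verify_rpm_dir "$tmp/advisory.txt" "$tmp" &&
        echo "table matches; next: rpm --checksig, then rpm -Fvh"

    printf 'tampered' >> "$tmp/example-1.0-1.i386.rpm"
    verify_rpm_dir "$tmp/advisory.txt" "$tmp" ||
        echo "refusing to install"

    rm -rf "$tmp"
}

demo
```
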

Category:

  • Security