OSnews: “David Faure is a well known developer in the KDE & Linux community. His work can be found in KFM, Konqueror source code and he recently also picked up KOffice’s KWord development. David is also one of the people who have commited in bug squashing under KDE, especially after he got hired by Mandrake Software. Read more for our interview with David regarding Konqueror, KDE object prelinking, Gnome and much more.”

TechWeb: “[Linux] may turn out to be the lingua franca of the [computer] industry. It powers everything from cluster computing to Web servers, and it does so with full customizability and proven reliability. Even more important, because it’s open source, no single company can use it to wield monopolistic power against the rest. Linux helps creates a level playing field. Although by no means the only company to embrace Linux, IBM has long been a staunch supporter of the open-source OS, and has even announced a mainframe version. IBM’s support has also helped legitimize Linux for users and other vendors.” Read more here.

Trustix: “Three security issues have recently been found in the Squid-2.X releases up to and including 2.4.STABLE3.” These include a memory leak, a buffer flow vulnerability and a disabling problem in the HTCP interface.

From:	 tsl@trustix.com (Trustix Secure Linux Advisor)
To:	 tsl-announce@trustix.org
Subject: TSLSA-2002-0031 - squid
Date:	 Fri, 22 Feb 2002 16:22:23 +0100
Cc:	 bugtraq@securityfocus.com, linsec@lists.seifried.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2002-0031

Package name:      squid-cron
Summary:           Security update
Date:              2002-02-22
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
 From the Squid advisory at
 http://www.squid-cache.org/Advisories/SQUID-2002_1.txt

Three security issues have recently been found in the Squid-2.X
 releases up to and including 2.4.STABLE3.
 
 a) A memory leak in the optional SNMP interface to Squid,
    allowing an malicious user who can send packets to the Squid SNMP
    port to possibly perform an denial of service attack on the Squid
    proxy service if the SNMP interface has been enabled (disabled by
    default).

 b) A buffer overflow in the implementation of ftp:// URLs where
    users who are allowed to proxy ftp:// URLs via Squid can perform
    an denial of service on the proxy service, and possibly even
    trigger remote execution of code (not yet confirmed).

 c) The optional HTCP interface cannot be properly disabled from
    squid.conf even if the documentation claims it can. The HTCP
    interface to Squid is not enabled by default, but can be enabled
    at compile time using the --enable-htcp configure option and some
    vendors distribute Squid binaries with HTCP enabled.

Action:
  We recommend that all systems with this package installed are upgraded.
  Note that due to a packaging error in TSL 1.2 and earlier, the swup tool
  can not be used to upgrade this package (again in TSL 1.2 and earlier)
  and you will need to give the --oldpackage argument to rpm when upgrading.
  Typically, that is
  rpm -Fvh --oldpackage squid-2.4.STABLE4-1tr.i586.rpm


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>
<URI:http://www.trustix.net/errata/trustix-1.5/>
or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0031-squid.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
e30e406a2e6f241e9eb5639ae939cf70  ./1.5/SRPMS/squid-2.4.STABLE4-1tr.src.rpm
3b495cb2a47b3aba7b44c1c4135d8ac7  ./1.5/RPMS/squid-2.4.STABLE4-1tr.i586.rpm
e30e406a2e6f241e9eb5639ae939cf70  ./1.2/SRPMS/squid-2.4.STABLE4-1tr.src.rpm
ff158589fc17a67ad47a65d824a5876e  ./1.2/RPMS/squid-2.4.STABLE4-1tr.i586.rpm
e30e406a2e6f241e9eb5639ae939cf70  ./1.1/SRPMS/squid-2.4.STABLE4-1tr.src.rpm
9ea10e9c83acd3eb2c04f01f707e9f9a  ./1.1/RPMS/squid-2.4.STABLE4-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8dkhjwRTcg4BxxS0RAukmAJ9sFaiSNXlk1uCF4kfCe9CbXdFiggCdGasX
ta/W7TdZcjc6KjZxM5wfuFk=
=L5N7
-----END PGP SIGNATURE-----

Xi Graphics, Inc. announced today the release of both Linux and Solaris accelerated graphics drivers in Summit v2.1 for Dell’s new Inspiron 8100 Laptop. The 8100 has an ATI Mobility RADEON 7500
graphics chip and a 1.2GHz CPU. The Company claims that the graphics
performance of this laptop, which has 64 MB of Video Memory, almost puts it into a “portable workstation” category. Viewperf(R) benchmarks produced by the OpenGL conformant drivers are published on Xi Graphics’ Web site, http://www.xig.com.”

“TimeSys Corporation, a pioneer and
leader in Embedded Linux and Java(TM) development technologies, today
announced that its Linux-based solutions have been optimized to support the Intel(R) Corporation’s Xscale(TM) architecture. This expands TimeSys’ overall footprint to include an even larger range of processor architectures that include x86, ARM, PowerPC, SuperH, and now Xscale.” Read more in this press release.

Josue Irizarry writes, “Already Linux in Puerto Rico counts on its own Web Page, Vida Linux, is our Web Page in PHP (Post Nuke), where we have the updated news, Howto, sections of aid, services among others.

To all the Latin users of Linux I invite to him that they visit our vestibule, that also is your Vestibule

the direction is www.vidalinux.com.
Already Linux is entered strongly on Puerto Rico.”

JigSaw writes, “OSNews hosts an interesting interview with David Faure, the french KDE developer who works for Mandrake Software. His code can be found on Konqueror, KFM, KWord and he is also the main bug hunter for KDE. David talks about KDE 3’s enhancements and speed improvements, the future of KWord, the debugging tools under Linux, and even Gnome2, .NET, MacOSX and Mozilla.”

Posted on LWN.net: The well known Common Unix Printing System (CUPS) was found vulnerable
to a buffer overflow in the Internet Printing Protocol (IPP) handling
code.
The buffer overflow could be exploited by a remote attacker as long as
their IP address is allowed to connect to the CUPS server.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command “rpm -Fhv file.rpm” to apply
the update.

IDG News Service (on PCWorld.com) reports that an Microsoft official is denying that the company is using its antitrust settlement proposal to its advantage. “Based on testimony from a February 8 deposition with Richard Fade, senior vice president of Microsoft’s Original Equipment Manufacturer division, the states and some PC makers argued that Microsoft had added ‘onerous’ terms to its Windows license, including one in which PC makers would be banned from asserting patent claims against Microsoft and Microsoft licensees.”

IDG News Service (on NWfusion.com) reports that Sun will partner with software makers Ximian and Wipro to complete work on a version of the GNOME desktop for Sun’s Solaris.