Author: JT Smith
Category:
- Linux
Author: JT Smith
The announcement this month that Linux company Aduva had received $14 million in funding caught my eye for a couple of reasons. One: What Open Source-related company is getting that kind of financing these days? Two: Who’s Aduva?
I searched for Aduva in NewsForge’s database and only came up with a handful of stories in the past year and a half. In fact, the last press release on Aduva’s own site, the last one before the $14 million announcement anyway, is dated Aug. 28, 2001. So it’s safe to say this is a company that’s been keeping a low profile.
It turns out that was by design, says Azi Cohen, the company’s CEO. Aduva has been lying low as it reconfigures its main product, a Linux management suite, to sell to OEMs instead of directly to customers.
So what’s a Linux management suite? Cohen says Aduva’s Knowledgebase is a constantly updated repository of information on all things related to deploying Linux, in essence being the eyes and ears of businesses using Linux for issues such as dependency and conflict problems and security updates. Aduva accomplishes this by testing the thousands of Linux software packages in its lab filled with more than 100 servers.
If this sounds like something individual Linux distributions are doing, it kind of is, except on a grander scale, says Cohen. Aduva is testing on several distributions, not just one, and Cohen claims the Knowledgebase has information on 40,000-plus components and millions of dependency rules for Linux-related software. Supported right now are Red Hat and SuSE’s Intel-based Linux OSes, and SuSE on an IBM mainframe.
“Sometimes when you try to install something … then something else doesn’t work because of the issue of dependencies,” Cohen says on a phone call from Israel. Conflicts and dependency problems exist in every operating system, he adds, but the problem is especially serious in Linux as thousands and thousands of developers from around the world create programs for Linux.
“Distros are trying to make things work together,” Cohen says. “But individual contributors don’t often have the equipment needed to test dependencies significantly. At the end of the day, you need big facilities with a lot of capabilities in order to do the full process, to really check that all the combinations of a piece of software or hardware works. We, at our laboratory, can create more than 90,000 different Linux configurations. We have an infrastructure to check every combination that no one else has.”
Even the tech analysts aren’t sure what to make of Aduva. One analyst at a major tech market research firm declined to talk in detail about Aduva, because the company wasn’t one of his paying customers. (How’s that for independent analysis?) In his analysis of Linux software management, he says Aduva’s Director solution “did not receive rave reviews from me,” but then again, Aduva’s not his customer, so take that with a grain of salt.
On the other hand, Stacey Quandt with Giga Information Group, calls Aduva’s products the “best of breed” in Linux system management for businesses. She says she’s not particularly surprised that the company received a $14 million investment, even in this economic climate. Aduva has a six-month-old relationship with Hewlett-Packard, Quandt adds, and she expects Aduva’s profile to rise as more companies focus on security and systems management to protect their technology investments.
Giga does not publicly disclose its clients.
Cohen says Aduva’s change in focus from end users to OEMs was partly responsible for the $14 million investment, which came from the Intel 64 Fund, BMC Software, and other sources.
“Through the year — and this year was hard for everyone — we have seen that the habits of end customers have changed dramatically,” Cohen says, explaining the move to the OEM strategy. “This year they were much more cautious … secondly, they started looking on the big names and the big brands when they wanted to purchase something new; they were very cautious [about going] to a startup company, looking for a full solution instead of a niche solution.
“More and more so, as time went on, we started to see the capability of the small company to reach the end customer in the current climate is actually fading away,” he added. “Somewhere around the middle of the year, we realized we needed to change our attitude and look for others that will be able to take the message [to customers].”
So when Aduva began to approach potential OEM partners, including BMC Software, Cohen found interested investors.
“While it’s very difficult today to go to a venture capitalist to ask for funding for the Linux market, it was quite obvious that once we convinced BMC Software that we had something that was 100% compliant with their technology … it was quite easy for them to understand that they not only want to use Aduva as an OEM technology within their own solution, but also that it’s important to invest in the company and give it more funding,” he says. “I must say that this strategy of going from direct activity to indirect channels of high-end vendors was not only able to develop our future business in an easier way, but also help us a lot in the financing of the company. Lucky us, we put those things together.”
This recent round of financing was the third in Aduva’s history. The company received $7.8 million in January 2001 and $1.8 million in January 2000.
Author: JT Smith
Yangchunbaixue XP is a set of software packages that is able to turn Red Hat Linux 7.2 into a sophisticated Chinese desktop system with just a few mouse clicks.
Author: JT Smith
From: Trustix Secure Linux Advisor <tsl@trustix.com>
To: tsl-announce@trustix.org
Subject: TSLSA-2002-0025 - rsync
Date: Mon, 28 Jan 2002 15:13:21 +0100
Cc: bugtraq@securityfocus.com, linsec@lists.seifried.org

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0025

Package name:      rsync
Summary:           Security fix
Date:              2002-01-28
Affected versions: TSL 1.01, 1.1, 1.2, 1.5
--------------------------------------------------------------------------

Problem description:
  This update fixes the signed/unsigned remote exploit bug in rsync.
  In previous releases the rsync program contained several bugs which would allow remote attackers to write 0-bytes to almost arbitrary stack-locations, thus giving them control over the programflow so that they could obtain a shell remotely.

Action:
  We recommend that all systems with this package installed are upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.
  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

Public testing:
  These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>

Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0025-rsync.asc.txt>

MD5sums of the packages:
--------------------------------------------------------------------------
e4da4af74ebf87feee979beff62af0eb  ./1.5/SRPMS/rsync-2.4.6-4tr.src.rpm
ca5e3bee94f885c83a07628376f7b0e6  ./1.5/RPMS/rsync-2.4.6-4tr.i586.rpm
e4da4af74ebf87feee979beff62af0eb  ./1.2/SRPMS/rsync-2.4.6-4tr.src.rpm
8d5f7deeb4eaf111c9ad8749e737cf3c  ./1.2/RPMS/rsync-2.4.6-4tr.i586.rpm
e4da4af74ebf87feee979beff62af0eb  ./1.1/SRPMS/rsync-2.4.6-4tr.src.rpm
e5713c4a209735d24245b8aea15e2290  ./1.1/RPMS/rsync-2.4.6-4tr.i586.rpm
--------------------------------------------------------------------------

Trustix Security Team
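The bug class the Trustix advisory names, a signed/unsigned confusion that lets a zero byte land outside the intended buffer, shown as an added example. This is not rsync's code and not part of the advisory; the function names, the arena layout and the offsets are constructed for illustration, with the flawed check beside a hardened one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_LEN 64
#define BUF_OFF   32   /* logical buffer starts in the middle of the arena */
#define BUF_LEN   16

/* Constructed layout: the bytes before BUF_OFF stand in for neighbouring
 * stack data, so an out-of-range write stays inside one array object and
 * remains well-defined C that can be observed. */
static unsigned char arena[ARENA_LEN];

static void reset_arena(void) { memset(arena, 0xAA, sizeof arena); }

/* Flawed: the offset is signed and only the upper bound is tested, so a
 * negative offset passes the check and the 0 byte lands before the buffer. */
static int store_nul_signed(int off) {
    unsigned char *buf = arena + BUF_OFF;
    if (off >= BUF_LEN) return -1;
    buf[off] = 0;
    return 0;
}

/* Hardened: reject negatives first, then compare as an unsigned size. */
static int store_nul_checked(int off) {
    unsigned char *buf = arena + BUF_OFF;
    if (off < 0 || (size_t)off >= (size_t)BUF_LEN) return -1;
    buf[off] = 0;
    return 0;
}

/* Count bytes outside the logical buffer that lost the 0xAA fill value. */
static int bytes_clobbered_outside(void) {
    int n = 0;
    for (int i = 0; i < ARENA_LEN; i++)
        if ((i < BUF_OFF || i >= BUF_OFF + BUF_LEN) && arena[i] != 0xAA) n++;
    return n;
}

int main(void) {
    reset_arena();
    int rc = store_nul_signed(-8);
    printf("signed check: rc=%d clobbered=%d\n", rc, bytes_clobbered_outside());
    reset_arena();
    rc = store_nul_checked(-8);
    printf("hardened:     rc=%d clobbered=%d\n", rc, bytes_clobbered_outside());
    return 0;
}
```

Compiling with -Wsign-compare and -Wconversion flags many comparisons of this kind at build time.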
Author: JT Smith
From: dburcaw@newhope.terraplex.com
To: yellowdog-updates@lists.yellowdoglinux.com
Subject: [yellowdog-updates] Yellow Dog Linux Security Update: YDU-20020127-11
Date: 28 Jan 2002 02:10:00 -0000

Yellow Dog Linux Security Announcement
--------------------------------------

Package:     groff
Issue Date:  January 27, 2002
Priority:    high
Advisory ID: YDU-20020127-11

1. Topic:

   New groff packages have been made available that fix an overflow in groff. If the printing system running this is a security issue, it is recommended to update to the new, fixed packages.

2. Problem:

   Groff is a document formatting system. The groff preprocessor contains an exploitable buffer overflow. If groff can be invoked within the LPRng printing system, an attacker can gain rights as the "lp" user. Remote exploitation may be possible if lpd is running and is accessible remotely, and the attacker knows the name of the printer and spoolfile.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0003 to this issue.

   Thanks to zen-parse for bringing this bug to our attention.

   (from Red Hat advisory)

3. Solution:

   a) Updating via yup...
   We suggest that you use the Yellow Dog Update Program (yup) to keep your system up-to-date. The following command(s) will automatically retrieve and install the fixed version of this update onto your system:

      yup update groff groff-gxditview groff-perl

   b) Updating manually...
   The update can also be retrieved manually from our ftp site below along with the rpm command that should be used to install the update. (Please use a mirror site)

      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.1/ppc/
      rpm -Fvh groff-1.17.2-7.0.2a.ppc.rpm
      rpm -Fvh groff-gxditview-1.17.2-7.0.2a.ppc.rpm
      rpm -Fvh groff-perl-1.17.2-7.0.2a.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   e5d92c7fc4df1919952b285474d0383b  ppc/groff-1.17.2-7.0.2a.ppc.rpm
   4c8e1de148a57b4e2c05240fc7bbfa1b  ppc/groff-gxditview-1.17.2-7.0.2a.ppc.rpm
   508550f96ed73bc80d916b68e436bbd9  ppc/groff-perl-1.17.2-7.0.2a.ppc.rpm
   e0a48ff4d69a2212923d7ea88e995c98  SRPMS/groff-1.17.2-7.0.2a.src.rpm

   If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command:

      rpm --checksig --nogpg filename

5. Misc.

   Terra Soft has set up a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more information.

   For information regarding the usage of yup, the Yellow Dog Update Program, see http://http://www.yellowdoglinux.com/support/solutions/ydl_general/yup.shtml