
PHP 4.1.1 released

Author: JT Smith

_NoDDingDog writes: “Due to a few bugs in PHP 4.1.0, we decided to release PHP 4.1.1. The bugs that were fixed are not major ones but minor ones, which could be annoying if you get bitten by them. Our recommendation is that people who already upgraded to PHP 4.1.0 do not need to upgrade to PHP 4.1.1 unless they’re experiencing one of the described bugs. Read the full release announcement. Windows binaries will be available later. PHP.net.”

Web review: Linuxsucks.com sucks

Author: JT Smith

by Tina Gasperson

I thought maybe whoever registered linuxsucks.com was just joking. Or maybe the site was a plant, bought and paid for by Linux PR professionals to make Windows users look bad. Face it, it would be possible to come up with a halfway decent hate site aimed at Linux. There has to be at least a handful of people who weren’t resourceful enough to stick with Linux, but who possess enough journalistic and design/layout talent to set up a professional looking Web site.

Maybe it wasn’t worth it to those people. Anyway, it appears that the site is not a joke or a plant, but an effort by one Kevin Gough to impugn the integrity of our favorite OS. As you may have guessed, I don’t think he’s doing a very good job. Mr. Gough is also the purveyor of KG Computer Services, which is “a software development house with over 20 years of experience.” We don’t know what he started developing on, and the KG Computer Services Web site doesn’t provide any information — just a bunch of Hypermart pop-up ad banners, but we have a feeling it’s Windows all the way now.

Which is fine, but what is the point of linuxsucks.com? It calls itself the place where frustrated and former users sound off. But the site doesn’t do much of anything other than list gobs of posts that seem to be a collection of drivel from the dregs of both camps. There are also a few loaded statements on the front page, like “ASP.NET will crush Linux once and for all. It will blow Unix/Linux away as a web server platform,” and “Windows XP: You’ll want it even more after trying Linux.” It’s classic troll, but it’s not backed up by facts or even a sane argument.

There’s even a link that’s labeled “Mr. T thinks Linux sucks too!” It’s one of those stupid sites that takes your HTML and changes the dialect.

Even more befuddling is the linuxsucks.com store. I was hoping to see some T-shirts, ball caps and coffee mugs emblazoned with the linuxsucks.com logo. Instead, I found a Harry Potter boxed set, Madonna CDs, baby cribs???! At least keep it on topic, for crying out loud!

More acceptable would be a site that offered “frustrated users” true alternatives and solutions to their problems, and also was a bit more honest about the shortcomings of Windows and other Microsoft products. I guess that would be a bit ridiculous to expect from a site called linuxsucks.com (note: turn off javascript in your browser or you’ll be redirected to another site), though.

However, to back up my claim that linuxsucks.com looks like a joke, take a look at the anti-Windows counterpart to this site, windows-sucks.com. It’s well organized, looks like a professional did it, and the webmaster can put together a coherent paragraph. Not only that, but it lists dozens of alternatives to Windows for people who are looking, and REAL, on topic merchandise — and even free email forwarding for those of you who want @windows-sucks.com instead of whatever it is you use now.

Category:

  • Migration

Debian: ‘gpm’ security update

Author: JT Smith

Debian: “The package ‘gpm’ contains the ‘gpm-root’ program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges”

From:	 Robert van der Meulen <rvdm@debian.org>
To:	 debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA-095-1] gpm (gpm-root) format string vulnerabilities
Date:	 Thu, 27 Dec 2001 21:22:10 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-095-1                   security@debian.org
http://www.debian.org/security/ Robert van der Meulen
December 27, 2001
- ------------------------------------------------------------------------


Package        : gpm
Problem type   : local root vulnerability
Debian-specific: no

The package 'gpm' contains the 'gpm-root' program, which can be used to
create mouse-activated menus on the console.
Among other problems, the gpm-root program contains a format string
vulnerability, which allows an attacker to gain root privileges.

This has been fixed in version 1.17.8-18.1, and we recommend that you upgrade
your 1.17.8-18 package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz
MD5 checksum: 8c48aa1656391d3755c289a87db13bf0
    http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc
MD5 checksum: bafbe8ffe73d3b5783e9841f1894af77
    http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8.orig.tar.gz
MD5 checksum: 9d50c299bf925996546efaf32de1db7b

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/gpm_1.17.8-18.1_alpha.deb
MD5 checksum: 0e50705cadfd58777d02fa6806c10bdf
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb
MD5 checksum: cbeeeac3795318255126814d71b7b945
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1_1.17.8-18.1_alpha.deb
MD5 checksum: f5dd9e395259b037d20e013e112a55e8

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/gpm_1.17.8-18.1_arm.deb
MD5 checksum: 6b41896ddfed4a119d17e5d8e8391384
    http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb
MD5 checksum: f02444fc5a9a6a7c7da0e1cb19df24a6
    http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1_1.17.8-18.1_arm.deb
MD5 checksum: 0ae3eb96377394d65e0e8031d0019147

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/gpm_1.17.8-18.1_i386.deb
MD5 checksum: 18c837abec8360db146681d2a713177a
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb
MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1_1.17.8-18.1_i386.deb
MD5 checksum: 815a1e90fe36e603f0803f92b6898f19
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1-dev_1.17.8-18.1_i386.deb
MD5 checksum: 514a1baee569e548349f7c4dc2941f3d
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1_1.17.8-18.1_i386.deb
MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/gpm_1.17.8-18.1_m68k.deb
MD5 checksum: ce61772d26c799bce33d729ed7fc67b7
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb
MD5 checksum: 923894ee7bdc1a8e648881eaf5f372da
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1_1.17.8-18.1_m68k.deb
MD5 checksum: 019de1ecb144e3d10b5978ea640a24c4
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1-dev_1.17.8-18.1_m68k.deb
MD5 checksum: 88d75f4b1f85e6aee903f886b311e127
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1_1.17.8-18.1_m68k.deb
MD5 checksum: 1ea940b2e3c5d7fade43d75ed3253569

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/gpm_1.17.8-18.1_powerpc.deb
MD5 checksum: aa2415e6f489af235e173d6d5a69b05f
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb
MD5 checksum: cd823ce39eb4125ed4a8dd0c17362107
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1_1.17.8-18.1_powerpc.deb
MD5 checksum: 0188cb6c4ffd82a146812e53c1387918

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/gpm_1.17.8-18.1_sparc.deb
MD5 checksum: b703c2e30b52446508f18951551839a3
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb
MD5 checksum: b8a75b6ab45f649b9e458cf778545a9e
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1_1.17.8-18.1_sparc.deb
MD5 checksum: fa4ae1bda04f3b13622d6e6bc9ffcb35
  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8K4LkFLJHZigagQ4RAqikAKC7ogsUzIlAreE5/Mki78uqCnvPpgCgqdRl
t+b1OntlAE3rvVNBC/0vej8=
=ByVf
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Category:

  • Linux

SEUL/edu – Linux in education report for December

Author: JT Smith

SEUL: It looks like the launch of Schoolforge is right on schedule. Taking aim at the education sector, this open source initiative is set to advocate Open Source software for the educational arena. You can read the newsletter here.

Category:

  • Open Source

Linux in 2002: More security, high-end computing

Author: JT Smith

CNN: “It was a big year for Linux in 2001, from IBM’s $1 billion commitment to the introduction of the latest feature-laden kernel updates.” Read more in this CNN article.

Category:

  • Linux

Linux 2.5.2-pre3

Author: JT Smith

Kernel.org: Looks like there was still a little bit of work to be done before 2.5.2.

http://www.kernel.org/pub/linux/kernel/v2.5/testing/patch-2.5.2-pre3.gz

pre3:
 - Christoph Hellwig: scsi_register_module cleanup
 - Mikael Pettersson: apic.c LVTERR fixes
 - Russell King: ARM update (including bio update for icside)
 - Jens Axboe: more bio updates
 - Al Viro: make ready to switch bread away from kdev_t..
 - Davide Libenzi: scheduler cleanups
 - Anders Gustafsson: LVM fixes for bio
 - Richard Gooch: devfs update

pre2:
 - Al Viro: task-private namespaces, more cleanups

pre1:
 - me: revert the "kill(-1..)" change.  POSIX isn't that clear on the
   issue anyway, and the new behaviour breaks things.
 - Jens Axboe: more bio updates
 - Al Viro: rd_load cleanups. hpfs mount fix, mount cleanups
 - Ingo Molnar: more raid updates
 - Jakub Jelinek: fix Linux/x86 confusion about arg passing of "save_v86_state" and "do_signal"
 - Trond Myklebust: fix NFS client race conditions

Category:

  • Linux

Linux 2.5.1-dj6

Author: JT Smith

Dave Jones: “-ENOMORETURKEY, so here goes with more resyncing, more backlogged fixes, and some pending experimental bits that should end up Linuswards soon. This is a fairly big merge, so it may take another release or two to shake out any merge errors.”

Patch against 2.5.1 vanilla is available from:
http://www.codemonkey.org.uk/patches/2.5/patch-2.5.1-dj6.diff.bz2

Some of the fixes still haven't found their way back to Marcelo yet
but should show up in 2.4.18pre1 with any luck.

Enjoy,

  -- Davej.



2.5.1-dj6
o   Merge 2.5.2pre2
    | Includes updated for 2.5 SCSI debug driver.       (Douglas Gilbert)
o   Merge 2.4.18pre1
o   Missing include in sunrpc sched.c                   (David S. Miller)
o   Remove incorrect devinit's from bttv & USB.         (Andrew Morton)
o   Remove redundant EISA_bus__is_a_macro macro.        (Me)
o   Split visws support to setup-visws.c                (Me)
    | Can someone with one of these beasts test this, and maybe
    | even *gulp* maintain it ?
o   pc110pad spinlock thinko                            (Peter T. Breuer)
o   Fix reiserfs + highmem possible oops.               (Oleg Drokin)
o   Fix reiserfs fsx breakage.                          (Oleg Drokin)
o   Make IPV6 accept timestamps in response to SYNs.    (Alexey Kuznetsov)
o   NCR5380_timer_fn needs to be static.                (Rasmus Andersen)
o   CONFIG_SERIAL_ACPI is IA64 only.                    (Me)





Category:

  • Linux

EnGarde: ‘stunnel’ format string vulnerability

Author: JT Smith

En Garde: “There is a format string vulnerability in stunnel which may allow an attacker to exploit a victim by impersonating a mail server.”



+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory               December 27, 2001 |
| http://www.engardelinux.org/                           ESA-20011227-01 |
|                                                                        |
| Package:  stunnel                                                      |
| Summary:  There is a format string vulnerability in stunnel.           |
+------------------------------------------------------------------------+



  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.





OVERVIEW
--------
  There is a format string vulnerability in stunnel which may allow an
  attacker to exploit a victim by impersonating a mail server.





DETAIL
------
  There are a couple of instances in stunnel where a format is not passed
  to a printf-like function, leading to your classic format string
  vulnerability.  It is not known whether or not it is exploitable at this
  time but all users are recommended to upgrade in any event.

  This vulnerability was disclosed on December 18 by Matthias Lange on
  the stunnel-users mailing list.  The original message may be found here:

     http://marc.theaimsgroup.com/?l=stunnel-users&m=100868569203440&w=3








SOLUTION
--------
  All users should upgrade to the most recent version as outlined in
  this advisory.  All updates may be found at:

     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
     http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv





UPDATED PACKAGES
----------------
  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

    SRPMS/stunnel-3.22-1.0.4.src.rpm
      MD5 Sum:  e408662d6fc54f3979642c9e8c110ba4

  Binary Packages:

    i386/stunnel-3.22-1.0.4.i386.rpm
      MD5 Sum:  482ff9210541d73b114404ccb9732cf0

    i686/stunnel-3.22-1.0.4.i686.rpm
      MD5 Sum:  afad91053b8d482e36e85251fab06755





REFERENCES
----------
  Guardian Digital's public key:
     http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
     Matthias Lange <ml@netuse.de>

  stunnel's Official Web Site:
     http://stunnel.mirt.net/

  Security Contact:    security@guardiandigital.com
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html

--------------------------------------------------------------------------
$Id: ESA-2001122701-stunnel,v 1.2 2001/12/27 16:02:00 rwm Exp $
--------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>

Copyright 2001, Guardian Digital, Inc.
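
The defect class named in both the Debian gpm-root advisory and the EnGarde stunnel advisory above, untrusted text handed to a printf-like function as its format, shown beside the fix. This is an added example, not code from gpm, stunnel or either advisory; `log_render`, `log_line_vulnerable`, `log_line_fixed`, `count_directives` and the sample banner are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like logger (not gpm or stunnel code). The attribute
   makes GCC/Clang check callers under -Wformat -Wformat-security. */
__attribute__((format(printf, 3, 4)))
static int log_render(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* BEFORE: peer-controlled text is used as the format. The warning is
   silenced only because this is the deliberate "before" case. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int log_line_vulnerable(char *out, size_t cap, const char *line)
{
    return log_render(out, cap, line);
}
#pragma GCC diagnostic pop

/* AFTER: constant format; untrusted text is only ever an argument. */
static int log_line_fixed(char *out, size_t cap, const char *line)
{
    return log_render(out, cap, "%s", line);
}

/* Count directives the vulnerable call would interpret ("%%" is literal). */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++; else n++;
    }
    return n;
}

int main(void)
{
    /* Constructed input; interpreting "%%" is well defined (no UB). */
    const char *banner = "220 mail ready 100%% up";
    char a[64], b[64];
    log_line_vulnerable(a, sizeof a, banner);
    log_line_fixed(b, sizeof b, banner);
    printf("vulnerable: %s\nfixed:      %s\n", a, b);
    printf("directives in \"%s\": %d\n", "seen %x %n", count_directives("seen %x %n"));
    return 0;
}
```

The vulnerable call collapses `%%` to `%`, which shows the peer's text is being parsed as a format; the fixed call logs the bytes unchanged.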

ActiveState’s ASPN Tcl – comprehensive programming tools & resources

Author: JT Smith

PR Newswire: ActiveState today announced the release of ASPN Tcl. “ASPN Tcl includes licenses for TclPro, a toolkit for rapid development of Tcl applications; and Komodo, ActiveState’s cross-platform, multi-language IDE, with special TclPro integration.” Read more in this press release.

Linux kernel 2.5.1-dj5

Author: JT Smith

Posted at LWN.net: “Patch against 2.5.1 vanilla is available from:
http://www.codemonkey.org.uk/patches/2.5/patch-2.5.1-dj5.diff.bz2

Some of these fixes still haven’t found their way back to Marcelo yet
but should show up in 2.4.17-rc3 / 2.4.18pre1 with any luck.”

Category:

  • Linux