“A problem was discovered in the ht://Dig web indexing and searching
program. Nergal reported a vulnerability in htsearch that allows a
remote user to pass the -c parameter, to use a specific config file,
to the htsearch program when running as a CGI. A malicious user could
point to a file like /dev/zero and force the CGI to stall until it
times out. Repeated attacks could result in a DoS. As well, if the
user has write permission on the server and can create a file with
certain entries, they can point the server to it and retrieve any file
readable by the webserver UID.” Posted at Linux Weekly News.

For the Python community, all the news that’s fit to link. This week: Python eggs, a workalike for the ReXX translate() function, useful software development guidelines, SkunkWeb 3.1.3, and more. Posted at Linux Weekly News.

Reported at Network World Fusion: “Business software maker SAP AG on Wednesday strongly denied a media report that it has decided to back the software development platform based on the Java programming language from Sun Microsystems Inc. over the .Net software platform from competitor Microsoft Corp.”

“Advanced Micro Devices and Nvidia will make a show of nForce next week.
The new Nvidia nForce chipset for AMD Athlon/Duron, announced in June, will make its debut next week in motherboards and desktop PCs, an Nvidia representative said.

A slew of motherboard makers and some smaller PC makers are expected to announce products based on the new chipset.” Reported at ZDNet.

Hardware news from ZDNet (short item): “Hewlett-Packard has brought its new PA-8700 chip to its low-end server line, beefing up the four-processor L-class server with the faster CPU as expected and renaming the product the rp5400.”

LinuxSecurity.com has posted (PDF alert) The 60 Minute Network Security Guide: First Steps Towards a Secure Network Environment. The guide was assembled by the U.S. National Security Agency’s System and Network Attack Center, and includes information on security policies, passwords, host security, buffer overflows, rootkits, and more.

From ZDNet UK: “Sony has forced a programmer to remove from his Web site code that changed the behavior of its Aibo robot dog.
According to a report in New Scientist, the programs gave Aibo new functionality. One, called Disco Aibo, made the robotic canine dance to music.

Sony protested, saying that the applications used proprietary and encrypted code. The Japanese company demanded the removal of the programs, along with details of Aibo’s software protection.”

Reported at The Register: “Socially dysfunctional teenagers, disgruntled employees and even the Russian Mafia have brought the word ‘hacker’ into disrepute but the application of Buddhism can help turn things around.

That’s the view of ex-Buddhist monk turned chief executive of security startup White Hat Technologies, Thubten Comerford.”

Posted at LinuxSecurity.com: “Due to a configuration mistake in the libdb1 package included with
OpenLinux 3.1 some programs were using unsafe version of the snprintf
and vsnprintf functions. This might allow remote attackers to gain
access to your system or local attackers to gain root access.”

From a Film & Video article on the making of The Lord of the Rings film trilogy: “The first film, The Fellowship of the Ring, was scheduled to be delivered to New Line Cinema, Oct. 1 for a Dec. 19 release date. The Two Towers is scheduled for a December 2002 release, and the finale, The Return of the King will come out in December 2003.

By the end of the third film, a renderfarm of 192 SGI 1200 and 1100 series dual processor Linux servers will have chugged away 24 hours per day, seven days a week processing frames for several years.”