
Red Hat, Mandrake update Linux offerings; Sun unveils new Solaris

Author: JT Smith

Computerworld: “The latest versions of Red Hat Linux and Mandrake Linux are now available, as well as an updated version of Sun Solaris 8.

In an announcement Monday, Red Hat Inc. unveiled Red Hat Linux 7.2 and Red Hat Linux Professional, with new features for workstation and server uses. Also on Monday, Paris-based MandrakeSoft announced that its new Version 8.1 will soon be available for purchase in four different configurations. In an announcement yesterday, Sun Microsystems Inc. released details of the latest upgrades to its Sun Solaris 8 Unix operating system, including an unlimited developer’s license for the iPlanet Application Server.”

Category:

  • Linux

Napster mounts first round of layoffs

Author: JT Smith

ZDNet: “Napster has begun a round of layoffs, the first major cuts in the file-swapping
pioneer’s history, sources close to the company said Wednesday. Details on how many people will be laid off, or in what departments, were not
immediately available. A Napster representative declined to comment on the layoffs.
The privately held company once had close to 100 employees.”

Category:

  • Open Source

Optimizing or cheating?

Author: JT Smith

“Is ATi cheating at benchmarks or simply making their drivers for all those Quake 3 players out there?” That’s a question the folks at HardOCP have asked in a follow-up to their recent Radeon 8500 review, questioning ATI’s benchmark claims. “Quake 3 Arena is not only a staple to many
online gamers, it is also the de facto 3D benchmark in the world at this time. Yes
there are others out there, but chances are even your Mom knows what Quake 3 is.
Yes, even guys that write computer hardware magazine articles and have never played
a first person shooter know how to run Q3 benchmarks…and they use them.

What we think we have found out is that ATi has written their most recent public
driver set with Quake 3 Arena in mind.”

Category:

  • Unix

Red Hat offers updated mod_auth_pgsql packages

Author: JT Smith

Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.2.
These updates close a vulnerability which would allow a malicious client to
cause a Web server to execute arbitrary SQL statements. A bug in the MD5
password mechanism causing valid passwords not to authenticate the user has
also been fixed.

---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated mod_auth_pgsql packages available
Advisory ID:       RHSA-2001:124-04
Issue date:        2001-10-05
Updated on:        2001-10-23
Product:           Red Hat Linux
Keywords:          string injection md5 mod_auth_pgsql
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.2.
These updates close a vulnerability which would allow a malicious client to
cause a Web server to execute arbitrary SQL statements. A bug in the MD5
password mechanism causing valid passwords not to authenticate the user has
also been fixed.

2. Relevant releases/architectures:

Red Hat Linux 7.2 - i386

3. Problem description:

The updated mod_auth_pgsql packages close a vulnerability which would allow
a malicious client to cause a Web server to execute arbitrary SQL
statements. Several Apache authentication modules which use SQL databases
to store authentication information are vulnerable to a remote SQL code
injection attack. A bug in the MD5 password mechanism causing valid
passwords not to authenticate the user has also been fixed.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory only contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

54146 - security: sql injection

6. RPMs required:

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mod_auth_pgsql-0.9.9-2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/mod_auth_pgsql-0.9.9-2.i386.rpm



7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
5ebc2970c695950a24a044b046dc94d2 7.2/en/os/SRPMS/mod_auth_pgsql-0.9.9-2.src.rpm
30c43be9ed24fbf0e3b7e1e44ff28808 7.2/en/os/i386/mod_auth_pgsql-0.9.9-2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>

8. References:

http://cert.uni-stuttgart.de/advisories/apache_auth.php


Copyright(c) 2000, 2001 Red Hat, Inc.

Category:

  • Linux
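
The advisory above describes the flaw only as SQL injection in Apache authentication modules that keep credentials in a SQL database. The following C example is added here to illustrate that bug class and one mitigation; it is not code from mod_auth_pgsql or from Red Hat, and the query template, table and column names, function names and sample input are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical schema; the table and column names are not from mod_auth_pgsql. */
#define QUERY_FMT "SELECT passwd FROM users WHERE username = '%s'"

/* Vulnerable pattern: the client-supplied name is pasted into the statement,
 * so a quote inside the name closes the string literal early. */
int build_query_unsafe(char *out, size_t outlen, const char *user)
{
    int n = snprintf(out, outlen, QUERY_FMT, user);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Number of single quotes in the finished statement. The template has
 * exactly two, so any other count means the input changed the SQL structure. */
int count_quotes(const char *query)
{
    int n = 0;
    for (; *query != '\0'; query++)
        if (*query == '\'')
            n++;
    return n;
}

/* Hardened pattern: allowlist the name before it can reach the query. */
int username_is_safe(const char *user)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-";
    size_t len = strlen(user);
    return len > 0 && len <= 64 && strspn(user, allowed) == len;
}

int build_query_checked(char *out, size_t outlen, const char *user)
{
    if (!username_is_safe(user))
        return -1;              /* refuse the login; no statement is built */
    return build_query_unsafe(out, outlen, user);
}

int main(void)
{
    char q[256];
    const char *hostile = "x' OR '1'='1";   /* constructed sample input */

    build_query_unsafe(q, sizeof q, hostile);
    printf("unsafe : %s (quotes: %d)\n", q, count_quotes(q));
    printf("checked: %d for hostile, %d for \"alice\"\n",
           build_query_checked(q, sizeof q, hostile),
           build_query_checked(q, sizeof q, "alice"));
    return 0;
}
```

Where the database client library supports bound parameters (libpq's `PQexecParams`, for example), passing the user name as a parameter keeps it out of the statement text altogether.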

The coming ‘open monopoly’ in software

Author: JT Smith

“…in an open-source monopoly the barriers to participation and
influence will disappear. This will be a different kind of monopoly–an “open monopoly”–from
which no vendor can be excluded from participating, including the big companies now joining the
open-source movement. They have much more to gain by breaking the existing monopoly and
replacing it with the new open monopoly.” From CNET News.com.

Category:

  • Open Source

Jabber offers free 100 user instant messaging server

Author: JT Smith

Posted at LinuxPR: “Jabber, Inc., a leading developer of software for extensible instant messaging (IM)
applications, and an operating subsidiary of Webb Interactive Services (NASDAQ:
WEBB), today announced a program under which a limited user version of its flagship
product, the Jabber™ Communications Platform (JCP), will be available for free download
from the Jabber website.”

The distribution we need

Author: JT Smith

Commentary from LinuxPlanet: “The spring round of upgrades promises to be even better, with KDE-3.0, 3.01, or 3.1, Qt-3.x, KOffice
with good filters and WYSIWYG, a new and improved version of StarOffice, the latest barely functional
Mozilla, and whatever the GNOMEs are doing, which should be 2.0 or better. (No, this is not a flame
against GNOME — I’m simply not following all that closely what they’re up to — so hold your water.)

And recent events cause me to think that by spring someone will have produced a hyper-secure Linux.
Not that goofy H-P idea of a secure Linux for, what, $3,000, but plain old Linux, only tight as can be.”

Category:

  • Linux

A strategic comparison of Windows vs. Unix

Author: JT Smith

“Most of the Windows versus Unix debate has been cast in terms
of which is technically better or which is cheaper, but the real
question is, ‘Under what circumstances is it smarter to pick one
technology rather than the other?'” Find out in LinuxWorld’s comparison study.

Category:

  • Unix

Borland announces Kylix 2

Author: JT Smith

From a press release posted at Borland: “Borland Software Corporation (Nasdaq NM:
BORL), a leading provider of e-business platform solutions, today announced Borland® Kylix[tm] 2 for the rapid development of
e-business applications for Linux®. The latest version of Borland’s award-winning, rapid application development (RAD)
environment for the Linux operating system, Kylix 2 enables companies to rapidly build and deploy applications that simplify
e-business integration with Web Services across diverse platforms between customers, suppliers, business partners and
employees worldwide.”

How a dream works

Author: JT Smith

InfoWorld: “As is the situation at many companies, Dreamworks’ IT budget
is not an infinite resource. To that end, [Ed] Leonard is making a
name for himself as an example of how Linux can be
cost-efficiently deployed in large-scale environments. “My
background is software, so I’ve always been fascinated with shareware, emerging software,
and just creating interesting, cool applications,” Leonard says. “But I wasn’t really involved
in the Linux movement.”

But after observing the rise of Linux while simultaneously noting that technologies such as
CPUs and graphics cards continued to slide into commodity status, Leonard realized Linux
could be effectively applied to high-end apps.”

Category:

  • Linux