Alan Cox posts details of the latest changes to the Linux kernel, including: “Fix x86 IPI replay problems” … “Allow slab caches to force alignment always and thus fix PAE+ slab poisoning” … “Clean up fpu emu warnings on gcc 3.0cvs a bit.” Details at LWN.net.

Red Hat has released new Kerberos 5 packages for Red Hat 6.x and 7. The new packages fix a vulnerability in the handling of Kerberos IV ticket
files.

Says ZDNet’s Alfred Poor: “Everything in life is a trade-off. If you want a car that gets good gas mileage, you buy a lightweight model that’s probably not as safe as a Hummer. So too it is with notebook computers–you can have processor speed or battery life, but not both.”

“A group of companies that register global Internet domain names are calling on the Internet’s domain name management body to reject a controversial agreement with the biggest player in the market or to agree to changes that they say would mitigate the potential impact on competition.” Story at ZDNet.

“An attacker could place a malicious joerc file in a public writeable directory, like /tmp, to execute commands with the privilege of any user (including root), which runs joe while being in this directory.” Full details at LWN.net.

From Network World Fusion: “Intellectual property claims have blindsided the Internet Engineering Task Force and could derail the group’s efforts to develop a common scheme for supporting foreign-language domain names across the Internet.”

PR Newswire has information about the Spatializer Audio
Laboratories’ fiscal year reuslts, including its introduction of
StreamFX for Linux, to provide audio
enhancement for the XXMS Media Player, which is distributed with Red Hat Linux
and Corel Linux, among others.

Posted at LWN.net: “Solar Designer demonstrated that it is possible to do a passive
analysis on an ssh encrypted connection and obtain important
information about that connection. In particular, it is possible to
obtain the number of characters of a password (which can be the login
password itself or even passwords entered during interactive commands
such as “su”), type of authentication that was used (password or
publickey) and the numbers of characters typed in a shell.
This analysis can, for example, give valuable information that will
reduce the universe of passwords that have to be tried in a
brute-force attack.”

Salon.com has a column about Microsoft’s Hailstorm product, which will “put all your data in one convenient place — and leave Bill Gates with the keys.”

From net-secruity.org: “This release should fix the final bugs we accidently got
into 3.23.34 and a long security bug that has been in
MySQL a long time!

The main fixed bugs are that UPDATE didn’t always use
keys when updating on something not based on a primary
key and that ‘affected rows’ wasn’t returned to the
client if the mysqld server wasn’t compiled with support
for transactions.”