news

CentOS Errata and Security Advisory 2008:0612 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0612.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 0e96a5c5648375bca4f54f290d3a2247 kernel-2.6.18-92.1.10.el5.i686.rpm 5336a850aa30b5a55cdb3788a14a9f28 kernel-debug-2.6.18-92.1.10.el5.i686.rpm 3c78e714d11c2c2b6910cdcc47a694bf kernel-debug-devel-2.6.18-92.1.10.el5.i686.rpm 1404c810d7571d722436fba2dbe86445 kernel-devel-2.6.18-92.1.10.el5.i686.rpm f4990d57aed66cd66b86cb0193032981 kernel-doc-2.6.18-92.1.10.el5.noarch.rpm bc9b2a65df26736b6dfd8ed731f50209 kernel-headers-2.6.18-92.1.10.el5.i386.rpm 5aa251d478ff3d43fae595e008087f0a kernel-PAE-2.6.18-92.1.10.el5.i686.rpm d76a3f8d837b82f0ddb3d9b06537898f kernel-PAE-devel-2.6.18-92.1.10.el5.i686.rpm 4a0c9a6c14ade7cbf7e2701cfdfa22a8 kernel-xen-2.6.18-92.1.10.el5.i686.rpm 743d9f204512f83a73e46ae126733371 kernel-xen-devel-2.6.18-92.1.10.el5.i686.rpm Source: 1b05a0525efa915022c16d741764325e kernel-2.6.18-92.1.10.el5.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________

Fellow Webmasters, Site Owners and Newsposters, Tweaknews.net has released yet another review onto the internet. I was wondering if you could please post it in today's news for me. ---------------------------------------------------------------------------------------- Article Name: Samsung SC-MX10 Solid State Memory Camcorder Review ( -at -) Tweaknews.net Article Url: http://www.tweaknews.net/reviews/samsung_sc-mx10_solid_state_camcorder_review/ Article PIC: http://www.tweaknews.net/reviews/samsung_sc-mx10_solid_state_camcorder_review/img/email.jpg Article Snippet: "Solid state memory brings a unparallel size reduction that brings the features of a standard camcorder to the market in a package that weighs half, and is half of the size of your regular MiniDV, DVD or hard drive camcorder." ------------------------------------------------------------------------------------------ Could you email back saying you posted it, TWEAK IT LIKE YOU MEAN IT!!!! Many Thanks, Nathan Glentworth Owner / Head Editor nathan ( -at -) tweaknews.net www.Tweaknews.net www.Tweaknews.com

Hello Technology News Community, I4U NEWS published a review of Mint 220 Wireless Digital Music Station. Quote from the review: "Today we are looking at a really nice wireless digital music system that features an iPod dock called the Mint 220. The system is very easy to set up and offers great sound quality. Overall, the Mint 220 is very impressive. The sound quality from the small system is great, the price is very good at $179, and the system is very easy to set up for wireless streaming. It's hard to go wrong with the Mint 220. The only way I could see the Mint 220 being better would be if you had the option to run it from batteries for truly portable use." Full Review: http://www.i4u.com/full-review-461.html Photo: http://www.i4u.com/images/2007/mint220-stock.jpg Homepage Link: http://www.i4u.com We would very much appreciate if you post this news story/review on your site. As always I4U News is open to cross-post your technology stories. Please visit http://www.i4u.com for more stories. As long as you provide credits and links to the original story on I4U News we appreciate any cross-posting of our content. If you don't want to receive review and news submissions from I4U News please just reply to this email indicating that or use the unsubscribe link below. We appreciate giving us a chance to inform you about our latest reviews and please apologize if this email reaches you in error or does not meet your interest. best regards, Chief Editor Luigi Lugmayr :: I4U Technology News Network :: http://www.i4u.com - Technology News http://shop.i4u.com - I4U Shop http://pricewatch.i4u.com - Shopping Guide http://www.wristdreams.com - Technology Wrist Watches :::

-------- INTERVIEW: ANDREW MILLIGAN, THE BRAIN BEHIND SUMO LOUNGE ( -at -) APH NETWORKS ------------------------------------------------------------ Dear Media friends, APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! * Title: Interview: Andrew Milligan, the Brain Behind Sumo Lounge ( -at -) APH Networks * Description: It's been almost two years since we've conduced our last interview. There are so many interesting people in the world, I just don't know where to start! After taking a look at the Sumo Lounge SumoSac a few weeks back, there's one person I felt like I really need to interview. That's Andrew Milligan, the guy who came up with Sumo Lounge, a company that designs and markets beanbags, and brought it to what it is today. I really wanted to know more about the brainchild behind this company when I read the Wall Street Journal article on some background to his business. But how much can a couple paragraph say? Not a lot. I'm really lucky to get to know Andrew himself though. So, with our notebook (computers) and the such in hand, we had an opportunity to sit down with Andrew over at Sumo Lounge with our exclusive interview on APH Networks today. * Link: http://aphnetworks.com/lounge/interview_andrew_milligan_the_brain_behind... [1] * Image: http://aphnetworks.com/funstuff/sumo_lounge_sumosac_sultan_khaki/006.JPG [2] Thanks for your support. Don't forget to send your site news to

/* base styling */ div.pommoMailing { background-color: white; /* background color */ color: #333; /* text color */ width: 100%; padding: 6px; } div.pommoMailing a, div.pommoMailing a:visited { text-decoration: none; color: #0067ff; /* link & visited link color */ } /* header styling */ div.pommoMailing div.pommoHeader { border: 1px solid black; padding: 6px; background-color: #DDF0BD; /* light green */ color: green; width: 100%; text-align: center; } /* footer styling */ div.pommoMailing div.pommoFooter { width: 100%; padding: 5px 12px; background-color: black; color: #DDD; } div.pommoMailing p.smaller { font-size: 80%; } If you are having trouble viewing this email, click here. SCALE 7x Dates, Location, and CFP set Like a fine wine, SCALE continues to improve with age. The 7th Annual So Cal Linux Expo will be February 20-22, 2009. For 2009, the Expo will return to the Westin LAX Hotel, site of the 6th Expo. Because interest in Open Source Software is steadily growing, attendance at SCALE continues to also grow. The depth and breadth of its audience is expanding, so the Expo will add additional speaker tracks to expand the educational opportunities for guests of all experience levels. The Call for Papers for the 7th Annual Expo opened August 4th 2008. The CFP solicits proposals from those who wish to speak at SCALE in February. In addition to three general tracks, a Developer's track and a Beginner's track have been added. So there are many more opportunities to speak at SCALE, and on a vastly wider breadth of topics than in the past. Pertinent dates for the CFP are: 4 August, 2008: CFP Opens 30 Nov, 2008: Deadline for abstracts/proposals submissions 20 Dec, 2008: Last date for notiï¬cation of acceptance 20 Feb, 2009: Conference starts If you're interested in presenting at SCALE, the full CFP is available here. Please consider speaking - SCALE welcomes your proposal! To unsubscribe or update your records, Click here. Message sent with poMMo.

Hello Webmasters and News Posters, NEW CONTENT (Visual) - ASUS GeForce 9800 GTX+ TOP Graphics Card QUOTE: "We saw the 9800 GTX+ launch a little bit back, but samples have been scarce and stock has been even harder to get a hold of. It’s been a while since we’ve seen a card be a paper launch, but it seemed the 9800 GTX+ was exactly that. It was designed to help draw attention away from the release of the new AMD cards. Today we’re not only looking at a standard GTX+, but the overclocked model from ASUS that comes in under the TOP naming scheme. Let’s have a quick look at the package and the card along with what ASUS has done with the core, shader and memory clock." For more information, please visit - http://www.tweaktown.com/reviews/1532/asus_geforce_9800_gtx_top_graphics_card/index.html Best Regards, The TweakTown Team http://www.tweaktown.com

Today we are presenting a new chipset from AMD called 790GX (RS780D), that comes with a new southbridge called SB750 . This new chipset supports AM2 and AM2+ CPU, DDR2-1066 memory, integrated GPU based on Radeon HD3300 and Hybrid Crossfire/CrossFireX compatibility. One of the most interesting things is that this new chipset includes "SidePort" technology, that uses motherboard integrated memory for onboard graphics. Link: http://www.madboxpc.com/review-chipset-amd-790gx-sb750/ BR, Juan Eduardo Donoso MADBOXPC -- *Juan Eduardo Donoso Rosas** Content Administrator URL: **http://www.madboxpc.com RSS: http://feeds.madboxpc.com/portalmbpc** **e-mail: jotequila ( -at -) madboxpc.com <mailto:jotequila ( -at -) madboxpc.com>** **MSN Messenger: juanedonoso ( -at -) gmail.com <mailto:juanedonoso ( -at -) gmail.com>** **Twitter: http://twitter.com/Jotequila** **Phone: (56)-9-76240004*

Benchmark Reviews has released a new article which your readers might enjoy. We would be grateful if you would please share it with them. TITLE: Gigabyte GA-EP45T-EXTREME P45 Motherboard ( -at -) Benchmark Reviews DESCRIPTION: There are two kinds of computer enthusiasts in this world: those with a personal connection to the system motherboard, and those who simply refer to the part as a computer mainboard. For overclockers, the relationship with a well-designed motherboard can mean love or hate, and no two parts are alike. The motherboard is, after all, the foundation of every computer, and the importance is central to stable system operation. No matter if you are a low-demand office worker who plugs away on letters or spreadsheets every day or if you are a high-performance hardware enthusiast who demands extreme frame rates from your video games, one component alone will determine your ability: the motherboard. In this article Benchmark Reviews tests the Gigabyte GA-EP45T-EXTREME P45 Ultra-Durable 2 DES motherboard against our harsh overclocking demands. ARTICLE URL: http://benchmarkreviews.com/index.php?option=com_content&task=view&id=201&Itemid=1 IMAGE URL: http://benchmarkreviews.com/images/reviews/motherboards/GA-EP45T-EXTREME/Gigabyte-GA-EP45T-EXTREME-Intel-P45-Motherboard.jpg Thank you for your being a dependable affiliate and posting our news; we appreciate your support. Change your subscription ( http://benchmarkreviews.com/index.php?option=com_acajoom&Itemid=1&act=change&subscriber=352&cle=7356a875fb9b610758ab537caceaa9b6&listid=1 ) Unsubscribe ( http://benchmarkreviews.com/index.php?option=com_acajoom&Itemid=1&act=unsubscribe&subscriber=352&cle=7356a875fb9b610758ab537caceaa9b6&listid=1 )

Hello Everyone, If you've been on top of the PC scene for any length of time, you probably know that whether by choice or necessity, AMD has taken a different tact as of late. Whereas the company was all about bigger, faster, and better during the Athlon's heyday, AMD is now more about touting the performance per dollar and value of their products. While they may not have a CPU with the horsepower to compete in the benchmark war with Intel's $1000 behemoths, AMD's affordably priced Phenoms do offer good bang for the buck. The value conscious mentality that has permeated AMD's recent graphics card and processor launches has also rung true in their motherboard chipset business as well. The 690G and 780G, for example, offered solid feature sets and excellent IGPs, at very affordable prices. And today, AMD continues their recent traditions with the introduction of the 790GX chipset, which improves upon the 780G is virtually every way. A new Southbridge is also making its debut which promises to enhance the overclockability of Phenom processors. Head on over to the site and check take a look... URL: http://www.hothardware.com/Articles/AMD_790GX_Chipset_Platform_Launch Site: http://www.hothardware.com/ As always, a link in your news sections would be much appreciated! If you'd like us to return the favor, please don't hesitate to send your press

Hardware Canucks is pleased to present our review of the ASRock P45R2000-WiFi DDR2 / DDR3 (P45) motherboard. *Article URL:* http://www.hardwarecanucks.com/forum/hardware-canucks-reviews/8709-asrock-p45r2000-wifi-motherboard-review.html *Quote:* *Following up the X48TurboTwins-WiFi, ASRock continues with the philosophy of catering to the mid-range and high-end (enthusiast) markets with a board utilizing another new Intel chipset, the P45R2000-WiFi. The latest from ASRock is based off the popular Intel P45 chipset, a follow up of the P35 chipset, and allows for high speed DDR3 memory support along with two PCIE2.0 slots for your CrossFire needs. Along with the latest and greatest chipset, the board hosts a number of innovative features such as support for 1600 and 1333 FSB processors out of the box as well as hybrid DDR2 and DDR2 memory compatibility. * *Image URL:* http://images.hardwarecanucks.com/image/eldonko/ASRockP45Review/Photos/Smbfull.jpg We would appreciate it if you would post this up in your News section Regards, -- Hardware Canucks News Team

Hello, OCIA.net has posted their review of the BFG Tech LS-550 Power Supply. Below is a direct quote from the review: "BFG offers several different models of power supplies, from the value-oriented GS to the modular MX series, all the way up to their top of the line ES-800; they have something for every need and budget. The one I have for review today is the LS-550, which seems to fall somewhere in the middle of their lineup. Despite the relatively smallish power rating, the LS-550 offers quad +12v rails, 6 and 8-pin PCIe and ATX 2.2 version compatibility, all backed up by an impressive 5-year warranty." Direct Link: http://www.ocia.net/reviews/bfgls550/page1.shtml Image Link: http://www.ocia.net/images/icons/328.jpg Site Link: http://www.ocia.net A news posting on your site would be greatly appreciated. Thanks in advance for your support! Thanks, OCIA.net Staff http://www.ocia.net

AMD built one heck of a north bridge chip with the 780G. Not only does it feature the fastest integrated graphics core around in the Radeon HD 3200, but the 780G is also capable of full Blu-ray decode acceleration for silky smooth 1080p playback with nominal CPU utilization. The 780G is an energy-efficient affair thanks to advanced 55nm fabrication technology, and it's loaded with 26 second-gen PCI Express lanes should your gaming aspirations grow beyond modest resolutions and in-game detail levels. This tiny piece of silicon is so good that AMD's decided to spin it into a new model: the 790GX. With its graphics core boosted from 500 to 700MHz and the addition of sideport memory riding shotgun, the 790GX is perhaps best thought of as a 780G Type R. The graphics upgrades hit the PCI Express front, too, with the 790GX arriving on motherboards designed to accommodate dual-x8 CrossFire configurations. The 790GX hasn't come alone, either. This chipset also brings with it AMD's new SB750 south bridge chip. This upgraded SB700 adds RAID 5 functionality and an Advanced Clock Calibration (ACC) feature that AMD says allows Phenom processor to overclock higher. Read on for the skinny on ACC, how well it works, and whether AMD has made a great chipset even better with the 790GX. http://techreport.com/articles.x/15256 Thanks, Geoff ---- Geoff Gasior The Tech Report http://techreport.com -- To unsubscribe from: TR-News, just follow this link:

A news post would be great. OCC has published a new review on the ECS P45T-A Here is a quote from the review: Quote: "On the flip side, I did go into this review with high hopes considering the other Black Series boards I have tested, but I was left with a sour taste when it came to the overclocking side of the review. This board just did not like any increase I threw at it. I only achieved a 34MHz boost, which is the lowest overclock I have ever gotten. I attribute this to the weak overclocking options in the BIOS, because even raising the vCore to 1.47v could not get me any higher. Another thing you might want to look out for is the IDE port placement, which is at the bottom of the board. This might pose some severe problems for those of you who use IDE-based optical drives with large cases. I was surprised to see that the PCI Express x16 ports are limited to x8 electrically when two cards are placed in a CrossFireX configuration, but considering the bandwidth that PCI-E 2.0 brings to the table, this should not be an issue." Title: ECS P45T-A Review Link: http://www.overclockersclub.com/reviews/p45ta/ Img: http://www.overclockersclub.com/siteimages/articles/p45ta/6_thumb.jpg

Greetings, Overclockers Online has posted a new review. A news post would be greatly appreciated. Title: n-Trance n-Tegrity Pro 1 GB Review at Overclockers Online Link: http://www.overclockersonline.net/?page=articles&num=1911 Quote: While the benchmark numbers leave a lot to be desired, that really isn't the focus point of the n-Tegrity Pro, as security takes a front seat for this drive. With data security the n-Tegrity Pro has a very robust assortment of encryption options that satisfies even government security protocols and with a slew of options you can tailor it to fit what method you prefer. The built in n-Pass software allows you to store passwords, web forms and e-mail in an encrypted environment so you no longer have to remember that slew of usernames and passwords. Thanks for the post. Best regards, Simon Lau _______________________________________________

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Wireshark: Denial of Service Date: August 06, 2008 Bugs: #230411, #231587 ID: 200808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Background ========== Wireshark is a network protocol analyzer with a graphical front-end. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/wireshark < 1.0.2 >= 1.0.2 Description =========== Multiple vulnerabilities related to memory management were discovered in the GSM SMS dissector (CVE-2008-3137), the PANA and KISMET dissectors (CVE-2008-3138), the RTMPT dissector (CVE-2008-3139), the syslog dissector (CVE-2008-3140) and the RMI dissector (CVE-2008-3141) and when reassembling fragmented packets (CVE-2008-3145). Impact ====== A remote attacker could exploit these vulnerabilities by sending a specially crafted packet on a network being monitored by Wireshark or enticing a user to read a malformed packet trace file, causing a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.2" References ========== [ 1 ] CVE-2008-3137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3137 [ 2 ] CVE-2008-3138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3138 [ 3 ] CVE-2008-3139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3139 [ 4 ] CVE-2008-3140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3140 [ 5 ] CVE-2008-3141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3141 [ 6 ] CVE-2008-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3145 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200808-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200808-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla products: Multiple vulnerabilities Date: August 06, 2008 Bugs: #204337, #218065, #230567, #231975 ID: 200808-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Background ========== Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mozilla-firefox < 2.0.0.16 >= 2.0.0.16 2 mozilla-firefox-bin < 2.0.0.16 >= 2.0.0.16 3 mozilla-thunderbird < 2.0.0.16 >= 2.0.0.16 4 mozilla-thunderbird-bin < 2.0.0.16 >= 2.0.0.16 5 seamonkey < 1.1.11 >= 1.1.11 6 seamonkey-bin < 1.1.11 >= 1.1.11 7 xulrunner < 1.8.1.16 >= 1.8.1.16 8 xulrunner-bin < 1.8.1.16 >= 1.8.1.16 ------------------------------------------------------------------- 8 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== The following vulnerabilities were reported in all mentioned Mozilla products: * TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS object reference counter, leading to a counter overflow and a free() of in-use memory (CVE-2008-2785). * Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-2799). * Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes in the layout engine, possibly triggering memory corruption (CVE-2008-2798). * moz_bug_r_a4 reported that XUL documents that include a script from a chrome: URI that points to a fastload file would be executed with the privileges specified in the file (CVE-2008-2802). * moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript() function only apply XPCNativeWrappers to scripts loaded from standard "chrome:" URIs, which could be the case in third-party add-ons (CVE-2008-2803). * Astabis reported a crash in the block reflow implementation related to large images (CVE-2008-2811). * John G. Myers, Frank Benkstein and Nils Toedtmann reported a weakness in the trust model used by Mozilla, that when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, the certificate is also regarded as accepted for all domain names in subjectAltName:dNSName fields (CVE-2008-2809). The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: * moz_bug_r_a4 reported that the Same Origin Policy is not properly enforced on JavaScript (CVE-2008-2800). * Collin Jackson and Adam Barth reported that JAR signing is not properly implemented, allowing injection of JavaScript into documents within a JAR archive (CVE-2008-2801). * Opera Software reported an error allowing for arbitrary local file upload (CVE-2008-2805). * Daniel Glazman reported that an invalid .properties file for an add-on might lead to the usage of uninitialized memory (CVE-2008-2807). * Masahiro Yamada reported that HTML in "file://" URLs in directory listings is not properly escaped (CVE-2008-2808). * Geoff reported that the context of Windows Internet shortcut files is not correctly identified (CVE-2008-2810). * The crash vulnerability (CVE-2008-1380) that was previously announced in GLSA 200805-18 is now also also resolved in Seamonkey binary ebuilds. The following vulnerability was reported in Firefox only: * Billy Rios reported that the Pipe character in a command-line URI is identified as a request to open multiple tabs, allowing to open "chrome" and "file" URIs (CVE-2008-2933). Impact ====== A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files or to accept an invalid certificate for a spoofed web site, to read uninitialized memory, to violate Same Origin Policy, or to conduct Cross-Site Scripting attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/mozilla-firefox-2.0.0.16" All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask -1 -v ">=www-client/mozilla-firefox-bin-2.0.0.16" All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask -1 -v ">=mail-client/mozilla-thunderbird-2.0.0.16" All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=mail-client/mozilla-thunderbird-bin-2.0.0.16" All Seamonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11" All Seamonkey binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/seamonkey-bin-1.1.11" All XULRunner users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16" All XULRunner binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-libs/xulrunner-bin-1.8.1.16" References ========== [ 1 ] CVE-2008-1380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 [ 2 ] CVE-2008-2785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785 [ 3 ] CVE-2008-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798 [ 4 ] CVE-2008-2799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799 [ 5 ] CVE-2008-2800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800 [ 6 ] CVE-2008-2801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801 [ 7 ] CVE-2008-2802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802 [ 8 ] CVE-2008-2803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803 [ 9 ] CVE-2008-2805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805 [ 10 ] CVE-2008-2807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807 [ 11 ] CVE-2008-2808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808 [ 12 ] CVE-2008-2809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809 [ 13 ] CVE-2008-2810 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810 [ 14 ] CVE-2008-2811 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811 [ 15 ] CVE-2008-2933 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933 [ 16 ] GLSA 200805-18 http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200808-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200808-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Net-SNMP: Multiple vulnerabilities Date: August 06, 2008 Bugs: #222265, #225105 ID: 200808-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Net-SNMP allow for authentication bypass in snmpd and execution of arbitrary code in Perl applications using Net-SMNP. Background ========== Net-SNMP is a collection of tools for generating and retrieving SNMP data. The SNMPv3 protocol uses a keyed-Hash Message Authentication Code (HMAC) to verify data integrity and authenticity of SNMP messages. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/net-snmp < 5.4.1.1 >= 5.4.1.1 Description =========== Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). Impact ====== An attacker could send SNMPv3 packets to an instance of snmpd providing a valid user name and an HMAC length value of 1, and easily conduct brute-force attacks to bypass SNMP authentication. An attacker could further entice a user to connect to a malicious SNMP agent with an SNMP client using the Perl bindings, possibly resulting in the execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Net-SNMP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1.1" References ========== [ 1 ] CVE-2008-0960 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960 [ 2 ] CVE-2008-2292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200808-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200808-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: xine-lib: User-assisted execution of arbitrary code Date: August 06, 2008 Bugs: #213039, #214270, #218059 ID: 200808-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== xine-lib is vulnerable to multiple buffer overflows when processing media streams. Background ========== xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/xine-lib < 1.1.13 >= 1.1.13 Description =========== Multiple vulnerabilities have been discovered in xine-lib: * Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function in the file input/libreal/sdpplin.c when processing streams from RTSP servers that contain a large "streamid" SDP parameter (CVE-2008-0073). * Luigi Auriemma reported multiple integer overflows that result in heap-based buffer overflows when processing ".FLV", ".MOV" ".RM", ".MVE", ".MKV", and ".CAK" files (CVE-2008-1482). * Guido Landi reported a stack-based buffer overflow in the demux_nsf_send_chunk() function when handling titles within NES Music (.NSF) files (CVE-2008-1878). Impact ====== A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player. Workaround ========== There is no known workaround at this time. Resolution ========== All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.13" References ========== [ 1 ] CVE-2008-0073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073 [ 2 ] CVE-2008-1482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482 [ 3 ] CVE-2008-1878 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200808-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Hi, It's Kristofer from DragonSteelMods, and I have a new review today that I think your readers might find interesting. Title: Thecus N3200 NAS Box Review ( -at -) DragonSteelMods Review Link: http://www.dragonsteelmods.com/index.php?option=com_content&task=view&id=8832&Itemid=1 Review Snipit: "Today for review I've got an excellent product from Thecus, it's the N3200 NAS box and it is a truly feature rich product that can add a new dimension to your storage capabilities of your home network. The N3200 is essentially a home storage server and it's billed as a 'Home NAS' but it's much more than that, it offers features that even a small business can utilize. With the N3200 you can have up to 3 Terabytes of storage capacity added to your network, the N3200 also offers various RAID solutions including RAID 5 which offers excellent security and performance for your data. On top of the security features theN3200 offers the ability to stream your media to other devices, a built in surveillance system with compatible webcams, HTTP, FTP and Bittorrent file transfer protocols, a print server, and even the ability to be wirelessly networked. The N3200 in physical size is small as well, but don't let it's size fool you, it's a fully featured NAS box that anyone can utilize for their storage needs. " Review Picture(200x150): http://www.dragonsteelmods.com/Images/reviews3/thecusN3200/thecus6.jpg Main site link: http://www.dragonsteelmods.com A post in your news would be greatly appreciated. Any and all news sent to me will be posted! If you would like to be added to our 'News Feeds' page please feel free to send me your http link to the feed and I will gladly add it ASAP. If you'd like to swap links for affiliation, I'd be happy to, just drop me a message...

Title: BFG 9800 GX2 1GB Video Card Reviewed ( -at -) TheTechLounge Quote: "It would be very, very hard not to covet this video card. I know I recently said that the 9800 GTX was the [censored]y card, but this one might actually look nicer, eye of the beholder and all. And it's not just skin-deep, it's faaast, and because of that, we can overlook its frightening heat production and power consumption. But it isn't a bargain. Thanks to price warring, it's in the 'you gotta be crazy' and not the 'price is no question' bracket, and because of that, it'll get more attention than it might deserve. It's compelling, after all-- especially the idea of quad SLI. Not that I'd turn one down, but the people for whom it makes sense are fewer than the people that can afford it. That is to say, it's a great piece of hardware, but it's only a good idea in the strictest of circumstances." Article URL: http://www.thetechlounge.com/article/551/BFG+9800+GX2+1GB+Video+Card/ Image URL: http://www.thetechlounge.com/files/articles/551/index_250.jpg If you think this article is of interest to your readers, we would greatly appreciate a post in your site's news. Please feel free to

Hi, We've just posted a new article on our website, Hardware Secrets. Title: Zalman GS1000 Case Review Link: http://www.hardwaresecrets.com/article/598 Category: Reviews Summary: Zalman GS1000 is a hybrid aluminum/steel full-tower case from Zalman, featuring four 5 ¼” bays and six 3 ½” bays for hard disk drives on the front of the case, three of them with hot swapping capability, and several other features. Here is a snippet: "Zalman GS1000 is a hybrid aluminum/steel full-tower case from Zalman: its side panels and details from its front panel are manufactured in aluminum, while its internal body is manufactured using the traditional zinc-coated steel. This helps reducing the price of the case compared to all-aluminum units. This case has four 5 ¼" bays and six 3 ½" bays for hard disk drives on the front of the case, three of them with hot swapping capability, and several other features." A news post would be highly appreciated. Thanks in advance, Gabriel Torres Editor-in-Chief Hardware Secrets http://www.hardwaresecrets.com ---------------------------------------------------------------------

Hi, We've just posted a new article on our website, Hardware Secrets. Title: iPhone 3G Review Link: http://www.hardwaresecrets.com/article/597 Category: Reviews Summary: Review of iPhone 3G from Apple, the most famous smart phone. Here is a snippet: "It's a cell phone, GPS locator, camera, and video iPod, all in one. It connects to the Internet via cell network or Wi-Fi. It is a complete personal digital assistant that can access email, calendar, and other pertinent information. While it's not the first cell phone to perform these tasks, it's large, clear touch screen, an accelerometer that tracks the position of the device, and a myriad of add-on applications make it unique. Recent price reductions and the faster speed of this new 3G model make it more appealing. So we set out to thoroughly assess the usability and likability of this new device." A news post would be highly appreciated. Thanks in advance, Gabriel Torres Editor-in-Chief Hardware Secrets http://www.hardwaresecrets.com ---------------------------------------------------------------------

Changes since 2.23.5 -------------------- Appearance: - Make theme installation from GIO-supported sources work (including drag and drop) (Jens Granseuer) (#545335) Default Applications: - Fix custom commands for mail default application (James Westby) Display: - Add a check box to turn on and off display icon (Soren Sandmann) - Draw rotated outputs rotated (Soren Sandmann) General: - Move directory deletion code from appearance capplet into common code (Bastien Nocera) - Make the file transfer dialog work with GFiles instead of gchar paths internally (Jens Granseuer) - Don't set notification theme to "standard" if the metatheme loaded doesn't define one (Jens Granseuer) (#546036) Keybindings: - When trying to assign a shortcut that is already in use, ask the user whether to reassign it instead of refusing to do anything (Denis Washington) (#133318) Shell: - Don't do thumbnailing, let Nautilus do it (Federico Mena Quintero) - Fix a build warning (Cosimo Cecchi) (#544538) Sound: - Remove separate bell settings tab (Bastien Nocera) - Remove libsounds dependency (Bastien Nocera) - Add freedesktop sound theme support through libcanberra (Bastien Nocera) - Fix property passing (Lennart Poettering) - Plug some leaks (Jens Granseuer) - Add some filtering for OSS devices and create more useful device descriptions (Alexander Schwenn) (#545275) - Added missing file to pass distcheck (Rodrigo Moya) Translations: - ar (Djihed Afifi) - es (Jorge Gonzalez) - gl (Ignacio Casal Quinteiro) - nb (Kjartan Maraas) - pt_BR (Leonardo Ferreira Fontenelle) - sv (Daniel Nylander) Availability ------------ http://download.gnome.org/sources/gnome-control-center/2.23/ Contact ------- * Bugs in http://bugzilla.gnome.org

gThumb 2.10.9 [stable] is released ================================== gThumb is an Image Viewer and Browser. gThumb 2.10.9 is now available for download at: http://ftp.gnome.org/pub/gnome/sources/gthumb/2.10/gthumb-2.10.9.tar.gz http://ftp.gnome.org/pub/gnome/sources/gthumb/2.10/gthumb-2.10.9.tar.bz2 Why? ==== Mostly to fix a build issue with libgphoto2 2.4.2+. An assortment of smaller bugs was also fixed. Fixes in 2.10.9 =============== * Fixed bug #508873 - gthumb cannot scale up images * Fixed bug #510326 - x-content/* support * Fixed bug #510521 - Canceling Save stops movement between pictures * Fixed bug #477285 - Hitting enter in Open Location Dialog while text entry is focused does nothing * Fixed bug #507790. Sort by DateTimeOriginal instead of DateTime. * Fixed bug #512374 - array accessed past end. * Fixed bug #543584 - fix build with libgphoto2 2.4.2 * Fixed bug #543771 - Segfault when hitting "Remove comment" * Fixed bug #544893 - Crash in web album Updated Translations ==================== * en_US (Djihed Afifi) * Slovak (Peter Tuhársky) * Czech (Kamil Páral) * catalan (Sílvia Miranda) * Hungarian (Gabor Kelemen) * Hebrew (Revan) * Ukrainian (Maxim Dziumanenko) Branches ======== 2.10.x is the current stable branch of gThumb. UI-breaking development is happening in trunk. No releases have been made yet from the trunk branch. Upgrade and enjoy! - Mike _______________________________________________

GTK+ 2.13.6 is now available for download at: http://download.gnome.org/sources/gtk+/2.13/ gtk+-2.13.6.tar.bz2 md5sum: d9b3455d4639d44073abd1fb89d0c7b9 gtk+-2.13.6.tar.gz md5sum: 14374de5407df1e794324c87d1634363 This is the seventh development release leading up to GTK+ 2.14. Notes: * This is unstable development release. While it has had a bit of testing, there are certainly plenty of bugs remaining to be found. This release should not be used in production. * Installing this version will overwrite your existing copy of GTK+. If you have problems, you'll need to reinstall GTK+ 2.12. * GTK+ 2.14 will be source and binary compatible with the GTK+ 2.12 series. The new API additions in GTK+ 2.13 are finalized at this point. * Bugs should be reported to http://bugzilla.gnome.org. What is GTK+ ============ GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. GTK+ has been designed from the ground up to support a range of languages, not only C/C++. Using GTK+ from languages such as Perl and Python (especially in combination with the Glade GUI builder) provides an effective method of rapid application development. GTK+ is free software and part of the GNU Project. However, the licensing terms for GTK+, the GNU LGPL, allow it to be used by all developers, including those developing proprietary software, without any license fees or royalties. Where to get more information about GTK+ ======================================== Information about GTK+ including links to documentation can be found at: http://www.gtk.org/ An installation guide for GTK+ 2.8 is found at: http://developer.gnome.org/doc/API/2.0/gtk/gtk-building.html Common questions: http://developer.gnome.org/doc/API/2.0/gtk/gtk-question-index.html http://www.gtk.org/faq/ Contributing ============ GTK+ is a large project and relies on voluntary contributions. We are actively searching for new contributors in various areas and invite everyone to help project development. If you are willing to participate, please subscribe to the project